Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Bad Record Mac/SSL Errors after upgrading to ZCS 8.0.3

  1. #1
    McBOeric is offline Starter Member
    Join Date
    Jul 2012
    Posts
    2
    Rep Power
    3

    Default Bad Record Mac/SSL Errors after upgrading to ZCS 8.0.3

    I updated last week from 8.0.1 to 8.0.3_GA_5664.FOSS and I am now getting errors in the log as well as emails that are not being delivered.

    Here is an error from /var/log/zimbra.log

    Code:
    Apr 29 07:23:30 zmail postfix/smtpd[31646]: Anonymous TLS connection established from unknown[192.168.1.7]: TLSv1 with cipher AES256-SHA (256/256 bits)
    Apr 29 07:23:30 zmail postfix/smtpd[31646]: warning: TLS library problem: 31646:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:482:
    Apr 29 07:23:30 zmail postfix/smtpd[31646]: lost connection after EHLO from unknown[192.168.1.7]
    Apr 29 07:23:30 zmail postfix/smtpd[31646]: disconnect from unknown[192.168.1.7]
    Here is an error from /var/log/mail/log

    Code:
    Apr 28 06:53:30 zmail postfix/smtpd[527]: Anonymous TLS connection established from unknown[192.168.1.7]: TLSv1 with cipher AES256-SHA (256/256 bits)
    Apr 28 06:53:30 zmail postfix/smtpd[527]: warning: TLS library problem: 527:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:482:
    Apr 28 06:53:30 zmail postfix/smtpd[527]: lost connection after EHLO from unknown[192.168.1.7]
    I am running a VM with ubuntu 10.04.

    Any help in fixing my issues would be appreciated.

  2. #2
    raragon is offline Active Member
    Join Date
    Oct 2009
    Location
    Valencia, Spain
    Posts
    27
    Rep Power
    5

    Default

    Hi, I have exactly the same problem but in a ubuntu 12.04 also running a VM on a AMD-64 server.
    I updated the openssl libraries but the problems goes on.

    Is it a bug?

  3. #3
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Default

    This is a bug in the version of OpenSSL shipped in 8.0.3 It will be fixed in 8.0.4
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  4. #4
    raragon is offline Active Member
    Join Date
    Oct 2009
    Location
    Valencia, Spain
    Posts
    27
    Rep Power
    5

    Default

    Thanks quanah, but while 8.0.4 is released is there any way to bypass the problem?
    Some mails are comming in several hours late.

    Is it possible deny TLS connections from a rely server?

  5. #5
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Default

    I believe you could disable that particular cipher.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #6
    vavai's Avatar
    vavai is offline Special Member
    Join Date
    May 2007
    Location
    Indonesia
    Posts
    149
    Rep Power
    8

    Default

    Hi Quanah,

    Quote Originally Posted by quanah View Post
    I believe you could disable that particular cipher.
    Does this means that we using plain connection between internal server, something like :

    Code:
    zmprov ms zproxy.mydomain.com zimbraReverseProxySSLToUpstreamEnabled FALSE
    I have similar problem on Zimbra proxy connection with back end mailbox servers : Bug 80563 : downloading large mails (>2MB) over WAN links closes IMAP/POP3 sessions
    Best Regards
    ---
    Masim "Vavai" Sugianto
    Zimbra Tutorial
    Personal Blog [ID]

    Release 8.0.6_GA_5922.SLES11_64_20131203103702 SLES11_64 FOSS edition.

  7. #7
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Default

    80563 has zero to do with the OpenSSL issue noted in this discussion.

    You can try Bug 80563 – downloading large mails (>2MB) over WAN links closes IMAP/POP3 sessions as a workaround for your issue. As i noted in 80563, that particular problem seems to be an issue in Java itself.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  8. #8
    raragon is offline Active Member
    Join Date
    Oct 2009
    Location
    Valencia, Spain
    Posts
    27
    Rep Power
    5

    Default

    How quanah? I've been looking for and I didn't found the right parameter. Thanks

  9. #9
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    Quote Originally Posted by raragon View Post
    How quanah? I've been looking for and I didn't found the right parameter. Thanks
    Did you follow the link you we're given (hint: It takes you to the exact steps you need)?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    raragon is offline Active Member
    Join Date
    Oct 2009
    Location
    Valencia, Spain
    Posts
    27
    Rep Power
    5

    Default

    I'm sorry phoenix but the only link I can see is about Bug 80563 and this is not my question ( I think ).
    I'd like to know about how avoid TLS SMTP connections and this way bypass the OPENSSL bug. Thanks.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Errors in mysql_error.log after upgrading to Zimbra 8.0.0 GA
    By nitrogenetics in forum Administrators
    Replies: 8
    Last Post: 11-17-2012, 02:49 PM
  2. [SOLVED] Errors upgrading to 5.0.8NE
    By blazeking in forum Installation
    Replies: 5
    Last Post: 07-22-2008, 12:13 AM
  3. Replies: 5
    Last Post: 02-08-2008, 09:50 AM
  4. Integrity Report Errors when upgrading
    By gfdos.sys in forum Installation
    Replies: 1
    Last Post: 01-24-2008, 01:55 PM
  5. Upgrading to 3.1.3 errors sumary
    By kowell in forum Administrators
    Replies: 8
    Last Post: 06-25-2006, 12:11 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •