Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: SMTP SSL error

  1. #11
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default Nov 8 19:02:28 mx postfix/smtpd[20099]: warning: cannot get private key from file /o

    Did you re-run the zmcertinstall command? It takes two options for the mta, cert file and key file:

    zmcertinstall mta /opt/zimbra/ssl/ssl/server/smtpd.crt /opt/zimbra/ssl/ssl/ca/ca.key

  2. #12
    robroadie's Avatar
    robroadie is offline Intermediate Member
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default

    right....after much hacking and chopping around I've decided to begin again. ./install -u and I've started over again as the more I hacked the more things stopped working until I had no https and no IMAPs.

    Thanks for all the support so far!

    Will begin again and will post my results.

    To outline what I am trying to achieve: I want to configure a mail/collaboration suite on a server and for it to support multiple virtual domains. I'd like each of these virtual domains to have SSL on their POP/IMAP/SMTP mail.

  3. #13
    robroadie's Avatar
    robroadie is offline Intermediate Member
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default Reinstalled and ready to rock?

    Right, so I've got the server freshly installed and setup for one domain.

    Here's what works:
    IMAP with SSL from iMail client
    https:// :7071 for admin

    SMTP with Auth set in iMail fails with
    Code:
    Nov  8 23:02:27 mx postfix/smtpd[9327]: SSL_accept:error in SSLv3 read client certificate A
    Nov  8 23:02:27 mx postfix/smtpd[9327]: SSL_accept error from i-195-137-88-40.freedom2surf.net[195.137.88.40]: -1
    Nov  8 23:02:27 mx postfix/smtpd[9327]: lost connection after STARTTLS from i-195-137-88-40.freedom2surf.net[195.137.88.40]
    Nov  8 23:02:27 mx postfix/smtpd[9327]: disconnect from i-195-137-88-40.freedom2surf.net[195.137.88.40]
    after the key exchange

    http AND https for normal mail access are not running (but nmap shows the ports as open from both localhost and from the external IP)

  4. #14
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default other errors?

    Did postfix spit out any errors on startup regarding TLS?

  5. #15
    robroadie's Avatar
    robroadie is offline Intermediate Member
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default SMTP with SSL works!

    So, after a rebuild from scratch I have a working IMAP/POP/SMTP with SSL AUTH set of services.

    Here's what I've done to make sure that it works:
    My machine is currently on a private IP with ports forwarded through from the Real World (TM) by an IPCOP firewall. We are running a DNS server on a another machine on the LAN and Zimbra is using it for resolution of itself and other FQDNs. The /etc/hosts file has been modded:
    Code:
    127.0.0.1       localhost.localdomain   localhost
    192.168.0.150   mx.networkassociations.org.uk mx
    And during setup of Zimbra we setup the machine as mx.networkassociations.org.uk which has in turn created certificates that have a resovable FDQN matching that of the server connecting to.

    The iMail cient complains that the certificate has not been signed by a known authority but after I have said that I accept the certificate then all is good.

    And it works.

    But!

    My HTTP access is screwed - I've got HTTPS to :7071, but no HTTP or HTTP/S for email access......

    Thoughts anyone?

  6. #16
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Quote Originally Posted by robroadie
    My HTTP access is screwed - I've got HTTPS to :7071, but no HTTP or HTTP/S for email access......

    What do you get in the browser? Are you going to port 80? Did you try port 7070? Check out /opt/zimbra/tomcat/logs/catalina.out for more info.

  7. #17
    robroadie's Avatar
    robroadie is offline Intermediate Member
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default

    Quote Originally Posted by KevinH
    What do you get in the browser? Are you going to port 80? Did you try port 7070? Check out /opt/zimbra/tomcat/logs/catalina.out for more info.
    I checked out the /opt/zimbra/tomcat/logs/catalina.out file and wasn't seeing anything when attempting to connect. I restarted the services and all was OK.

    I'll write up more on my install and post it to these forums.

    Thank you for your continued support.

  8. #18
    robroadie's Avatar
    robroadie is offline Intermediate Member
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default Firewall ports I have opened up

    I'm posted some info on the firewall ports I have opened up here: http://www.zimbra.com/forums/showthr...=3332#post3332

  9. #19
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default https

    If you can get https on the admin interface (7071) then your certs are fine - can you telnet to port 443 or 7443 on the server?

    If not, then you need to change the server's mode:

    su - zimbra
    zmtlsctl mixed (or https)

    tomcat stop
    tomcat start

    mixed mode - https login, http session
    https mode - all https, all the time

  10. #20
    robroadie's Avatar
    robroadie is offline Intermediate Member
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default

    Quote Originally Posted by marcmac
    You need to change the server's mode:
    su - zimbra
    zmtlsctl mixed (or https)

    tomcat stop
    tomcat start

    Modes: mixed mode - https login, http session
    Modes: https mode - all https, all the time
    Marcmac, thanks for your support. As I mentioned in my previous post I restarted the services all was fine. Your information on how to change the server mode is really useful. I thought I'd highlight it by replying.

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 23
    Last Post: 01-24-2013, 03:44 PM
  2. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 12:42 AM
  3. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  4. M3 problem with shares
    By titangears in forum Users
    Replies: 4
    Last Post: 01-12-2006, 01:01 PM
  5. Building native libraries on MacOS X
    By ajmas in forum Developers
    Replies: 3
    Last Post: 10-14-2005, 11:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •