
Thread: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure

  1. #51
    JHill (Active Member)

    Had the same issue with upgrade from 5.0.0GA to 5.0.1 today. Solved it by setting start_tls = no in the ldap-*.conf files.

  2. #52
    blaze (Senior Member)

    Same issue

    Just adding my £2 to the pile: I have experienced the same issue with both 5.0 and 5.0.1. At present the only fix that works is to turn tls off via the config files. Really hope there is a resolution for this soon, as we are hoping to upgrade all of our servers, and a number of our clients are security crazy!

    Regards,
    Gary

  3. #53
    jmiles (Junior Member)

    Originally posted by JHill:
    Had the same issue with upgrade from 5.0.0GA to 5.0.1 today. Solved it by setting start_tls = no in the ldap-*.conf files.
    I'll add my "me too" post to this thread as well. After upgrading from 4.5.10 NE to 5.0.1 NE I hit the same problem. I tried installing my commercial cert both from the Admin console as well as via zmcertmgr but postfix still barks. Changing the start_tls value to no in the ldap config files fixed it for now but I'd like to see it fixed via a patch or upgrade.

  4. #54
    brwatters (Special Member)

    I sure hope Zimbra comes out with 5.02 soon to address this issue as well, as I hate having a hack in a production server.

    BRW

  5. #55
    quanah (Zimbra Employee)

    Originally posted by brwatters:
    I sure hope Zimbra comes out with 5.02 soon to address this issue
    The issue will indeed be addressed in 5.0.2, and was due to a bug in postfix which we've patched around.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #56
    mmorse (Moderator)

    This looks like the fixed Bug 23922 - 4.x.x to 5.0.x upgrades with existing commercial certs may fail. (allow startTLS to succeed even if CA cert chain is missing)
    -There was also a postfix bug as well.

  7. #57
    JHill (Active Member)

    In 5.0.2, we're still unable to receive mail with start_tls = yes in ldap-*.cf files. Here's the config:
    server_host = ldap://mail.domain.com:389
    server_port = 389
    search_base =
    query_filter = (&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s)(zimbraMailCatchAllAddress=%s))(zimbraMailStatus=enabled))
    result_attribute = zimbraMailCanonicalAddress,zimbraMailCatchAllCanonicalAddress
    version = 3
    start_tls = no
    tls_ca_cert_dir = /opt/zimbra/conf/ca
    bind = yes
    bind_dn = uid=zmpostfix,cn=appaccts,cn=zimbra
    bind_pw = pass
    timeout = 30

  8. #58
    quanah (Zimbra Employee)

    Originally posted by JHill:
    In 5.0.2, we're still unable to receive mail with start_tls = yes in ldap-*.cf files. Here's the config:
    Showing the config isn't very useful, unfortunately. What would be useful is to know if you can get
    Code:
    ldapsearch -x -ZZ -h mail.domain.com
    as the Zimbra user to work. If not, what errors it shows.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  9. #59
    JHill (Active Member)

    Originally posted by quanah:
    Showing the config isn't very useful, unfortunately. What would be useful is to know if you can get
    Code:
    ldapsearch -x -ZZ -h mail.domain.com
    as the Zimbra user to work. If not, what errors it shows.
    That worked fine, same ldapsearch results with start_tls set to yes and no.

    Here are the errors from zimbra.log:
    Feb 10 23:59:39 zimbra postfix/trivial-rewrite[24096]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
    Feb 10 23:59:39 zimbra last message repeated 2 times
    Feb 10 23:59:39 zimbra postfix/trivial-rewrite[24096]: fatal: ldap://opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem

  10. #60
    fultonj (Senior Member)

    Which config file turns off start_tls?

    What is the absolute path of the above config file?

    On 02-10-2008, 08:32 AM jhill provided a sample config to set start_tls = no. I can't find any such file to set this value for. I'm having the same problem and I'd like to use the same fix.

    find doesn't seem to return what I need so do I create this file? If so where?

    find /opt/zimbra -exec grep -q "start_tls" '{}' \; -print
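
The workaround used throughout this thread leaves Postfix binding to LDAP over an unencrypted connection, so it is worth finding every table file that still carries it once a fixed release is installed. The script below is an added example, not part of any post or of Zimbra's tooling; the function names, the `ldap-example.cf` file name and the rule that an `ldaps://` host counts as encrypted are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): flag Postfix LDAP table files that
# still carry the "start_tls = no" workaround.

# Print the value of "key = value" from a Postfix table file (last one wins).
get_param() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Classify one file. Postfix defaults when a key is absent: start_tls = no, bind = yes.
classify_ldap_cf() {   # $1 = file
    host=$(get_param "$1" server_host)
    tls=$(get_param "$1" start_tls)
    bind=$(get_param "$1" bind)
    case $host in
        ldaps://*) echo OK; return 0 ;;   # TLS from the first byte
    esac
    if [ "${tls:-no}" = yes ]; then
        echo OK
    elif [ "${bind:-yes}" = no ]; then
        echo NO-TLS                       # anonymous lookups, unencrypted
    else
        echo CLEARTEXT-BIND               # bind_dn/bind_pw cross the wire in clear
    fi
}

# Report every ldap-*.cf under a directory (assumed layout: /opt/zimbra/conf).
audit_dir() {   # $1 = directory
    for f in "$1"/ldap-*.cf; do
        [ -f "$f" ] || continue
        printf '%-15s %s\n' "$(classify_ldap_cf "$f")" "$f"
    done
}

# Demo on constructed files; the first mirrors the settings posted in #57.
demo=$(mktemp -d)
cat > "$demo/ldap-vad.cf" <<'EOF'
server_host = ldap://mail.domain.com:389
start_tls = no
bind = yes
bind_dn = uid=zmpostfix,cn=appaccts,cn=zimbra
EOF
printf 'server_host = ldap://mail.domain.com:389\nstart_tls = yes\n' > "$demo/ldap-example.cf"
audit_dir "$demo"
rm -rf "$demo"
```

Run as the zimbra user, `audit_dir /opt/zimbra/conf` lists each table file with its status; any `CLEARTEXT-BIND` line marks a file where the workaround is still in place.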
