01-04-2008, 12:43 AM
Unable to send mail after upgrading to 5.0.0 (LDAP TLS trouble)

I decided to upgrade from 4.5.9 to 5.0.0 on OpenSuSE 10.0 yesterday. I ended up staying up all night, getting to bed at 10am. This post is an attempt to save someone else from the same fate.

The install seemed to go well, except that it got a bit hung up on starting LDAP. I managed to get it to finish and everything looked great. Then I tried to send an email. Trying to send it from Outlook failed with a very long delay. Trying to send through the web interface caused my browser to hang, requiring a kill on both Firefox and IE7. Finally I tried a manual SMTP session using telnet. It went like this:

1. telnet localhost 25 (received 220)
2. helo test.com (received 250)
3. mail from: me@me.com

At this point, I got no response. This didn't look good.

After long hours of struggle and searching, I finally found an article about postfix hanging after "mail from" when using a mysql backend. It warned that using mysql or ldap at this point was probably a bad idea since they could potentially fail, causing exactly the problem I saw.

Ultimately I determined that the problem was solved by changing the ldap scripts to not start TLS. Initially I did this directly in the conf/ldap-*.cf files but it turns out that you need to change libexec/zmmtainit instead. Open the file and look for:

Code:
if [ "$num" == 5 ]; then
   STARTTLS="no"
else
   STARTTLS="yes"
fi

All I had to do was swap the yes and the no like this:

Code:
if [ "$num" == 5 ]; then
   STARTTLS="yes"
else
   STARTTLS="no"
fi

Actually, I sort of wonder if this is not correct anyway. Looking at the script, it is checking to see how much of the URL matches "ldaps". If 5 characters match, it means that the URL starts with ldaps:// rather than ldap://. Shouldn't we only be starting TLS in the "ldaps" case anyway?

Oh, and in case you read the post about expired LDAP certs causing delivery problems, that was not my problem. I replaced the certs and verified that they were good but still no dice. My LDAP is not externally visible anyway so I don't need TLS.

Anyway, if 4.5 worked fine (it didn't do the TLS stuff on LDAP) and after the upgrade you can't send mail, try this change and see if it saves you.

Cheers,
__________________
Scott Maxwell
Code Cobblers, Inc

Last edited by scottmax; 01-04-2008 at 12:47 AM.. Reason: additional information
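
To check what a change like this does to each Postfix LDAP map, the following added example (not from the original post or from Zimbra) reads a map file's `server_host` and `start_tls` settings and reports whether each server is reached over implicit TLS (`ldaps://`), StartTLS on `ldap://`, or cleartext. The host names and file contents are constructed, and it assumes the `conf/ldap-*.cf` files use the standard Postfix `ldap_table(5)` parameters.

```shell
#!/bin/sh
# Added example, not Zimbra code. server_host and start_tls are Postfix
# ldap_table(5) parameters; hosts and file contents are constructed.

# classify_url URL START_TLS -> how the connection to that server is protected
classify_url() {
    case "$1" in
        ldaps://*)   # TLS starts with the TCP connection itself
            if [ "$2" = yes ]; then echo conflict; else echo implicit-tls; fi ;;
        ldapi://*)   # local UNIX socket, never crosses the network
            echo local-socket ;;
        *)           # ldap:// or a bare host name: plain until StartTLS upgrades it
            if [ "$2" = yes ]; then echo starttls; else echo cleartext; fi ;;
    esac
}

# map_param FILE NAME -> value of the last "NAME = value" line, if any
map_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_map FILE -> one "URL state" line per server; returns 1 when any
# server is reached in cleartext or with conflicting settings
audit_map() {
    hosts=$(map_param "$1" server_host)
    tls=$(map_param "$1" start_tls | tr -d '[:space:]')
    [ -n "$hosts" ] || hosts=localhost   # Postfix default
    [ -n "$tls" ] || tls=no              # Postfix default
    rc=0
    for url in $hosts; do
        state=$(classify_url "$url" "$tls")
        echo "$url $state"
        case "$state" in cleartext|conflict) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed samples covering both values of start_tls for each URL scheme
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf 'server_host = ldap://ldap.example.com:389\nstart_tls = yes\n'  > "$demo/a.cf"
printf 'server_host = ldap://ldap.example.com:389\nstart_tls = no\n'   > "$demo/b.cf"
printf 'server_host = ldaps://ldap.example.com:636\nstart_tls = no\n'  > "$demo/c.cf"
printf 'server_host = ldaps://ldap.example.com:636\nstart_tls = yes\n' > "$demo/d.cf"
for f in "$demo"/*.cf; do
    audit_map "$f" || echo "  review: $(basename "$f")"
done
```

A `cleartext` result means LDAP binds and lookups for that map travel unencrypted, and `conflict` means StartTLS is requested on a connection that is already TLS.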