Possible Cert / TLS problem in 5.0.2, suggested fixes not working

[m-cubed]

I had tested Zimbra v4 on Ubuntu a while and then went up through the v5 betas. Ended up spending most of my time configuring LDAP and Samba so I did not even get the mail server live. Started working on testing the mail server after upgrading to Zimbra from 5.0.0_RC2_1745 to 5.0.2_GA_1975.

Of course I could not get mail to send. I think the most telling errors are...

lisa postfix/trivial-rewrite[9772]: warning: dict_ldap_connect: Unable to bind to server ldap://mail.themorrells.org:389 as uid=zmpostfix,cn=appaccts,cn=zimbra: 49 (Invalid credentials)

lisa postfix/trivial-rewrite[12622]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem

So I followed on the forums on fixing the TLS errors which seemed to be relevant with no luck. Can anyone help? Where should I start?

[phoenix]

Why do you think this is anything to do with TLS or a Certificate problem? The error line you've posted above contains: "Unable to bind to server" and that usually means that LDAP isn't running. Try and telnet to port 389 and see if you get a connection, if you don't try the wiki Troubleshooting tips. The usual reason for LDAP problems is that you don't have correct DNS A & MX records or your /etc/host file is incorrect, if you're behind a NAT device you'll also need a Split DNS set-up. As you mention mail sending problems I'd go with the suggestion that your DNS isn't right.

[m-cubed]

The reason I went down the certificate route is because the error

lisa postfix/trivial-rewrite[12622]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem

seems to be commonly associated with certificate problems in the forums.

LDAP is at least working in general since Samba authenticates through it and I can access the webmail and admin interfaces with no problems. I checked with telnet and netstat and everything seems fine. This machine does have multiple IPs associated with it so SLAPD is only bound to one IP. Does Zimbra expect LDAP on the loopback too?

Since, according to the errors, uid=zmpostfix,cn=appaccts,cn=zimbra is failing I tried checking by hand with no luck.

zmlocalconfig -s ldap_postfix_password
ldap_postfix_password = ...

ldapwhoami -x -D"uid=zmpostfix,cn=appaccts,cn=zimbra" -W -h mail.themorrells.org
ldap_bind: Invalid credentials (49)

I do have a caching DNS setup behind the firewall so for Zimbra, mail.themorrells.org resolves correctly to the internal IP.
Everything else about Zimbra, including integration with Samba, seems to work fine. I can log in to email accounts, fetch external mail, and use the admin interface but I cant send mail to internal or external accounts. Is there some other information I could provide to help figure this problem out?

[phoenix]

Well, let's start with confirmation that your DNS is correct. Run the following commands on the zimbra server:

Code:

host `hostname`   <-- use backticks not single quotes
dig themorrells.org mx
dig themorrells.org any

and post the results.

[m-cubed]

All right something is configured wrong. host does not find lisa correctly and dig is giving me my external mail servers. I will fix the dig results.

Code:

host `hostname`
Host lisa not found: 3(NXDOMAIN)
dig themorrells.org mx
; <<>> DiG 9.3.2 <<>> themorrells.org mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39346
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 5

;; QUESTION SECTION:
;themorrells.org.               IN      MX

;; ANSWER SECTION:
themorrells.org.        1097    IN      MX      20 smtp.easydns.com.
themorrells.org.        1097    IN      MX      30 smtp2.easydns.com.
themorrells.org.        1097    IN      MX      0 mail2.themorrells.org.

;; AUTHORITY SECTION:
themorrells.org.        712     IN      NS      remote2.easydns.com.
themorrells.org.        712     IN      NS      ns1.easydns.com.
themorrells.org.        712     IN      NS      remote1.easydns.com.
themorrells.org.        712     IN      NS      ns2.easydns.com.

;; ADDITIONAL SECTION:
mail2.themorrells.org.  712     IN      A       209.177.155.19
ns1.easydns.com.        51733   IN      A       66.225.199.10
remote1.easydns.com.    105171  IN      A       209.200.131.4
ns2.easydns.com.        21932   IN      A       209.200.151.4
remote2.easydns.com.    26058   IN      A       205.210.42.19

;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Mon Mar 17 19:44:39 2008
;; MSG SIZE  rcvd: 269

Do you have any ideas why the hostname is showing up wrong? Zimbra is running on Ubuntu in a chroot jail off of Gentoo. It appears host returns the hostname defined under Gentoo and not Ubuntu.