exim4 error afther installing commercial certificate

[dent]

Hello out there,

I got a "little" (hope so) problem I can't resolve.

Since last week I had Zimbra 4.5.x running on debian sarge and so I had to dist-upgrade my system before installing Zimbra 5.0.5. Everything works fine (of course some little problems) and since last thursday the new Zimbra on debian etch is running. Yesterday I installed a new SSL certificate (Thawte.com) after testing with the VeriSign test certificate for a few days. I installed the new certificate with this command as root (found it here):

/opt/zimbra/bin/zmcertmgr deploycrt comm /PATH/FILENAME /opt/zimbra/curl-7.17.0/share/curl/curl-ca-bundle.crt

It works fine I thougt, but now I have a little problem (exim4 mainlog):

recipient@domain.com R=smarthost T=remote_smtp_smarthost defer (-53): retry time not reached for any host

There is no entry at zimbra log.
This problems are on several server at my office, sending systemmails every day (for example bacula) and since installing the new certificate.
I have some "online" (not here in office) server too and they are still sending mails. The different is in /etc/mailnane:

inhouse server: mailserver.domain.com
online server: domain.com

Another change since with the new certificate:
A user has to use NAME@domain.com + passwort to login at zimbra. Before that he just has to use NAME + password.

Thats all I know at the moment. I already tried to change the exim configuration to domain.com.

Our system uses IMAP with SSL/TLS auth, SMTP doesn't need SSL/TLS authentification.

Hope to get some help,
Sebastian

[dijichi2]

exim4 shouldn't be running at all.

[dent]

Sorry I'm not sure what you mean. Of course exim4 is running (on the servers that can't send mails over the mailserver).

Another information: the certificate is for the subdomain mailserver.domain.com - thats the domain of the mailserver and the IMAP/SMTP server.

[dijichi2]

sorry, your original explanation is not clear then. exim4 should not be running on any server with zimbra - zimbra depends on its own builtin postfix. if you're running exim4 on other servers this shouldn't have anything to do with zimbra.

apologies if i'm missing the point entirely!

[dijichi2]

Quote:

Another change since with the new certificate:
A user has to use NAME@domain.com + passwort to login at zimbra. Before that he just has to use NAME + password.

Are you sure you haven't just lost the default domain, or lost vhost settings per domain if you're using NE?

[dent]

2008-05-30 12:36:10 1K21xx-0005FP-B0 TLS error on connection to mailserver.domain.com [85.14.253.20] (gnutls_handshake): Internal error in memory allocation.
2008-05-30 12:36:10 1K21xx-0005FP-B0 TLS session failure: delivering unencrypted to mailserver.domain.com [IP.AD.DR.ES] (not in hosts_require_tls)
2008-05-30 12:36:10 1K21xx-0005FP-B0 => recipient@domain.com R=dnslookup T=remote_smtp H=mailserver.domain.com [IP.AD.DR.ES]
2008-05-30 12:36:10 1K21xx-0005FP-B0 Completed


this is the log of a "online" server which still sends mails.

At admin interface of zimbra I changed the option "default domain" to mailserver.domain.com - it was on domain.com. But that was a few hours ago.


EDIT:
when I set up a new server inhouse with exim4 it works. Sill the warning above, but it works. But I already tried to reconfigure on other machines :/

[dent]

I installed postfix on thow machines (debian is uninstalling exim with this progress) and then it works...

I'm sure its a "known certificate" problem with exim4/gnutls. I read something about that. But I can't fix it.