Zimbra 5 - reporting no owner for SSL cert?

[Mistoffeles]

I am having a problem with Thunderbird clients sending email with Zimbra configured to only user SSL ports (pop3 995 and smtp 465). T-Bird is saying that there is a domain name mismatch in the certificate (there isn't), and their support people are asking if the MTA is playing any shennanigans with the SSL connection details.

I am leaning towards this being a T-Bird problem, since everything appears to work fine in other email clients, but jsut to be safe I am asking here:

Does Zimbra 5.x not report all of the details, specifically the owner of the certificate, when a client is authenticating to send smtps mail on port 465?

Cheers,

[phoenix]

Quote:

Originally Posted by Mistoffeles

I am having a problem with Thunderbird clients sending email with Zimbra configured to only user SSL ports (pop3 995 and smtp 465). T-Bird is saying that there is a domain name mismatch in the certificate (there isn't), and their support people are asking if the MTA is playing any shennanigans with the SSL connection details.

I am leaning towards this being a T-Bird problem, since everything appears to work fine in other email clients, but jsut to be safe I am asking here:

I've never seen this problem using a Self-Signed certificate (I assume you are?) via SSL prots and any authenticated client such as Thunderbird, ZD etc. Where (or when) does Thunderbird throw the error?

Quote:

Originally Posted by Mistoffeles

Does Zimbra 5.x not report all of the details, specifically the owner of the certificate, when a client is authenticating to send smtps mail on port 465?

The correct Submission port is 587 and the RFC for port 486 has never been ratified, it's also deprecated for use as the submission port. By default Port 587 is enabled in ZCS 6.x and you can enable it in ZCS 5.x, use the following to enable it:

Code:

This port can be enabled by making the following change to /opt/zimbra/postfix/conf/master.cf, at the top of that file you'll find the following lines:

#submission inet n      -       n       -       -       smtpd
#   -o smtpd_etrn_restrictions=reject
#   -o smtpd_client_restrictions=permit_sasl_authenticated,reject

uncomment the three lines (leaving the white space on lines 2 & 3) and save the file.

[Mistoffeles]

This is a commercially signed certificate.

T-Bird throws the error on an attempted send. I have no problems otherwise, and have used several email clients to send and receive email on this server using pop3s on 995 and smtps on 465.

When I asked what ports to use in these forums earlier I was completely ignored, so I assumed nobody ever used SSL ports with Zimbra, which isn't acceptable in our environment (server shared between internal and outside users).

Zimbra is configured to use 465, I wish I could remember where that was confirmed for me, on the console or in the admin console, but it did confirm it and I have been able to send email with Outlook (both with and without the Outlook connector), OE and The Bat. Of course ZDC and the webmail work.

There is more detail posted here:

T-Bird problem, or CA, or *gasp* maybe something I did? • mozillaZine Forums

Cheers,