Results 1 to 10 of 10

Thread: External IMAP account forces TLS when I don't want it

  1. #1
    halfgaar's Avatar
    halfgaar is offline Active Member
    Join Date
    Dec 2009
    Location
    Netherlands
    Posts
    47
    Rep Power
    5

    Default External IMAP account forces TLS when I don't want it

    (edit: hmm, it works now. I disabled starttls on the server again and now it works...)

    Hi,

    I'm migrating my mail to zimbra, but I'm running into problems. I need to import my existing mail from my Imap server (running on my desktop PC). I can't upload to zimbra, because Thunderbird just stops after a while. So, I need to use the external account feature of Zimbra.

    However, when I try to connect, it says this:

    d2:CN22:halfgaar.kicks-ass.net1:O24:Internet Widgits Pty Ltd2:OU0:6:accept4:true5:alias26:localhost:AD30F7E 036BD704D4:fromi1283591878000e4:host9:localhost3:i cn22:halfgaar.kicks-ass.net2:io24:Internet Widgits Pty Ltd3:iou0:3:md532:2E1712109A87D760F23FB140F655247E 8:mismatch5:false1:s16:AD30F7E036BD704D4:sha140:47 18B4E622EA6B19D877CA6D73655DD20A6214032:toi1598951 878000ee
    I connect through an SSH tunnel to port 143, (local port 1900 to remote 143). Seeing as how it mentions certificate info like halfgaar.kicks-ass.net (my home address) and Internet Widgists, it is clear it communicates through TLS, because it can't know that otherwise. But, my certificate is self signed, so it gives an error.

    When I disable STARTTLS in the server, it gives a timeout.

    This post was of no help.

    My server is configured with:

    - zmtlsctl both (although that applies to the webserver, afaik)
    - zmlocalconfig -e ssl_allow_accept_untrusted_certs=true
    - zmlocalconfig -e data_source_trust_self_signed_certs=true

    I did zmcontrol restart to no avail.

    I also tried connecting directly with SSL port 993. Same problem.

    Anybody know the solution? Or perhaps another way to import mail?
    Last edited by halfgaar; 12-08-2010 at 12:12 PM. Reason: It mysteriously works now...

  2. #2
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default The same problem with TLS problem

    We have the same problem...

    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: d2:CN19osta.casablanca.cz1:O14:Casablanca INT2:OU0:6:accept4:true5:alias22osta.casablanca.cz:6E4:fromi1296638416000e4:host19osta.casablanca.cz3:icn17:Casablanca INT CA2:io14:Casablanca INT3:iou0:3:md532:C2F61F9F42CC4386D7F7649ABBEB4FAF 8:mismatch5:false1:s2:6E4:sha140:0AC8E1B8FFB0AAE5C 6FF537B67685F8E1F87720F2:toi1328174416000ee
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1649)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1149)
    at com.zimbra.common.net.CustomSSLSocket.startHandsha ke(CustomSSLSocket.java:90)
    at com.zimbra.cs.mailclient.MailConnection.startTls(M ailConnection.java:100)
    at com.zimbra.cs.mailclient.MailConnection.connect(Ma ilConnection.java:84)
    at com.zimbra.cs.datasource.imap.ConnectionManager.ne wConnection(ConnectionManager.java:145)
    ... 40 more


    - Certificate is not self-signed, is signed by self CA.
    - Certificate is not expired.
    - SSL3 is supported by target server.

    What should I do for success connect to IMAP account?

    I am not able to connect to External IMAP/POP3 account in webmail.
    I am not able to use Migration Wizard, there is the same error.

    Thank you for your help.
    Michael

  3. #3
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default The same problem

    Hi, did you already resolved this problem? We have the same...

    Thanks,
    Michael



    Quote Originally Posted by halfgaar View Post
    (edit: hmm, it works now. I disabled starttls on the server again and now it works...)

    Hi,

    I'm migrating my mail to zimbra, but I'm running into problems. I need to import my existing mail from my Imap server (running on my desktop PC). I can't upload to zimbra, because Thunderbird just stops after a while. So, I need to use the external account feature of Zimbra.

    However, when I try to connect, it says this:



    I connect through an SSH tunnel to port 143, (local port 1900 to remote 143). Seeing as how it mentions certificate info like halfgaar.kicks-ass.net (my home address) and Internet Widgists, it is clear it communicates through TLS, because it can't know that otherwise. But, my certificate is self signed, so it gives an error.

    When I disable STARTTLS in the server, it gives a timeout.

    This post was of no help.

    My server is configured with:

    - zmtlsctl both (although that applies to the webserver, afaik)
    - zmlocalconfig -e ssl_allow_accept_untrusted_certs=true
    - zmlocalconfig -e data_source_trust_self_signed_certs=true

    I did zmcontrol restart to no avail.

    I also tried connecting directly with SSL port 993. Same problem.

    Anybody know the solution? Or perhaps another way to import mail?

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,484
    Rep Power
    56

    Default

    Quote Originally Posted by meesha View Post
    Hi, did you already resolved this problem? We have the same...
    Did you read this line in the first post:

    Quote Originally Posted by halfgaar View Post
    (edit: hmm, it works now. I disabled starttls on the server again and now it works...)
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default

    Okey, I missed it. But it is not my possible solution. I need connect to the server, because I am not able change configuration (disable STARTTLS). Do you know, how to fix it on the client - Zimbra side?


    Quote Originally Posted by phoenix View Post
    Did you read this line in the first post:

  6. #6
    halfgaar's Avatar
    halfgaar is offline Active Member
    Join Date
    Dec 2009
    Location
    Netherlands
    Posts
    47
    Rep Power
    5

    Default

    I don't know of a client side solution. Perhaps you can work around it by somehow putting your mail in an IMAP server you set up yourself? Will your mail provider give you your server-side maildir in a tar.gz if you ask for it? If so, you can unpack it to your own machine on which you install an IMAP server.

    BTW: a friend of mine did find out why Thunderbird just stalls on uploading IMAP messages. He found that every message larger than a certain number of bytes would crash the process. I don't know how big, though...

    And another thing. I don't know if there is a solution for it already (there wasn't when I did it), but mail should be imported oldest-to-newest, to make sure your conversations are detected properly. The Migration wizard can do that, but that wizard has no support to download from IMAP.

  7. #7
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default

    I am able to do migration in other way - with imapsync. But what I cannot do different, is Preferences->Accounts->Add external account->IMAP/POP3. We are testing Zimbra before implementation. Our testing users found this problem with add external account.
    Our users have some external accounts on several IMAP servers (different server software/demons), where is impossible change configuration because of Zimbra client.
    I have tried 3 of them and everywhere is the same problem - mismatch certificates, that's why it is propably problem with client (Zimbra).


    Quote Originally Posted by halfgaar View Post
    I don't know of a client side solution. Perhaps you can work around it by somehow putting your mail in an IMAP server you set up yourself? Will your mail provider give you your server-side maildir in a tar.gz if you ask for it? If so, you can unpack it to your own machine on which you install an IMAP server.

    BTW: a friend of mine did find out why Thunderbird just stalls on uploading IMAP messages. He found that every message larger than a certain number of bytes would crash the process. I don't know how big, though...

    And another thing. I don't know if there is a solution for it already (there wasn't when I did it), but mail should be imported oldest-to-newest, to make sure your conversations are detected properly. The Migration wizard can do that, but that wizard has no support to download from IMAP.

  8. #8
    halfgaar's Avatar
    halfgaar is offline Active Member
    Join Date
    Dec 2009
    Location
    Netherlands
    Posts
    47
    Rep Power
    5

    Default

    Is there a bug report about it? Of not, you can always report it. Include a link to this forum post. It has information and confirmation of the bug.

  9. #9
    meesha is offline Senior Member
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default

    How to disable default starttls in zimbra to access external IMAP?

    zmlocalconfig -e javamail_imap_enable_starttls=false
    zmmailboxdctl restart

    Do it under the zimbra user to avoid problem with permissions of config file.
    Last edited by meesha; 07-01-2011 at 12:05 AM.

  10. #10
    jlguallar is offline Starter Member
    Join Date
    Apr 2012
    Posts
    2
    Rep Power
    3

    Default

    I had the same issue.

    meesha instructions above solved my issue.

    I run Zimbra 7.1.4 OpenSource edition on RHEL x86-63

    Thanks meesha!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 0
    Last Post: 10-27-2010, 02:39 AM
  2. Replies: 2
    Last Post: 10-08-2010, 08:32 AM
  3. IMAP problem after added external account
    By Thanakorn in forum Administrators
    Replies: 5
    Last Post: 02-21-2008, 10:50 AM
  4. Replies: 9
    Last Post: 01-31-2008, 10:58 AM
  5. IMAP TLS Problems after upgrade to 4.5.3
    By shanson in forum Administrators
    Replies: 4
    Last Post: 03-22-2007, 08:05 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •