TLS not working?

[3RiversTechAdmin]

Hey everyone,
Sorry this is a repost, but I had no response on the admin board.

I am having a problem with SMTP with TLS,
I can send messages with useing SMTP with no TLS just fine, but when I enable it, Thunderbird complains:

Quote:

Sending of message failed.

An error occurred sending mail: Unable to connect to SMTP server
via STARTTLS since it doesn't offer STARTTLS In EHLO reponse. Please verify that your
Mail/News account settings are correct and try again.

and I see this in the zimbra.log

Quote:

Nov 30 13:41:00 localhost postfix/smtpd[7432]: connect from unknown[192.168.X.XX]
Nov 30 13:41:04 localhost postfix/smtpd[7608]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
Nov 30 13:41:04 localhost postfix/smtpd[7608]: warning: TLS library problem: 7608:error:02001002:system library:fopen:No such file or directory:bss_file.c:278:fopen('/opt/zimbra/conf/smtpd.crt','r'):
Nov 30 13:41:04 localhost postfix/smtpd[7608]: warning: TLS library problem: 7608:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
Nov 30 13:41:04 localhost postfix/smtpd[7608]: warning: TLS library problem: 7608:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:760:
Nov 30 13:41:04 localhost postfix/smtpd[7608]: cannot load RSA certificate and key data
...
Nov 30 13:41:11 localhost postfix/smtpd[7432]: lost connection after STARTTLS from unknown[192.168.X.XX]
Nov 30 13:41:11 localhost postfix/smtpd[7432]: disconnect from unknown[192.168.X.XX]

Also, the above was all internal, my server is currently using the old mail server as a relay host. When I attempt to telnet into 25 on the new server it will work locally, but not from the outside. If I do a port scan my port 25 appears to be open. Any ideas on these issues your sincerely be appreciated.

P.S. My certs right now match hostname.domainname.com, but I want them to be for mail.domainname.com, has anyone done this before?

[phoenix]

Quote:

Originally Posted by 3RiversTechAdmin

Hey everyone,
Sorry this is a repost, but I had no response on the admin board.

I think an hour and seven minutes is rather a short time to wait before duplicating a post - please don't do it. I'll delete the other one in the Admin forum.

[dkarp]

If you're on Debian, have you checked to make sure you don't have permission problems?

[3RiversTechAdmin]

Quote:

Originally Posted by dkarp

If you're on Debian, have you checked to make sure you don't have permission problems?

Everything looks alright, I ran zmfixpermissions to be sure, to no avail. I am runninf Ubuntu 6.06 Server, so yes, basically Debian. Any futher ideas you might have would be great

[jholder]

Are you running 4.0.4?

[3RiversTechAdmin]

Quote:

Originally Posted by wannabetenor

Are you running 4.0.4?

I'm running Zimbra version 4.0.2_GA_362.DEBIAN3.1 Sep 22, 2006
and Linux version 2.6.15-27-server #1 SMP
(Ubuntu 6.06 LTS Server)

Everything besides the above started issues is working great...

[tim_ba]

This is an old thread, but I have the same problem with Zimbra 5.0.14 FOSS and Thunderbird 2.0.21:
Sending of message failed.
An error occurred sending mail: Unable to connect to SMTP server via STARTTLS since it doesn't offer STARTTLS In EHLO reponse. Please verify that your Mail/News account settings are correct and try again.

This surely is not a bug, it's about some configuration.
IMAP and POP3 work with TLS or SSl only, but SMTP works without TLS or SSl only. I'm using a local certificate.

[zimbra@server ~]$ postconf mynetworks
mynetworks = 127.0.0.0/8 X.X.X.X/27 10.0.0.0/8
X.X.X.X/27 refers to public IP addresses, where Zimbra is, and 10.0.0.0/8 refers to private LAN addresses where the clients are.

Due to Telnet port change, I had to change Zimbra port, but that shold be OK now, there are no errors.

Any help?

[uxbod]

Wiki :: Unable to set STARTTLS

[tim_ba]

Thank you for you link. I read a lot of posts for this, but I couldn't solve this.
Now, although Thunderbird error message is the same, when I checked mailbox.log, I found that there are no error messages, but this:

2009-03-26 18:44:51,023 INFO [ImapServer-13] [] imap - [X.X.X.MAIL] connected
2009-03-26 18:44:51,024 INFO [ImapServer-13] [ip=X.X.X.MAIL;oip=X.X.X.FIREWALL;] imap - IMAP client identified as: {X-ORIGINATING-IP=X.X.X.FIREWALL}
2009-03-26 18:44:51,024 INFO [ImapServer-13] [name=NAME@SERVER;ip=X.X.X.MAIL;oip=X.X.X.FIREWALL;] imap - user NAME@SERVER authenticated, mechanism=PLAIN
2009-03-26 18:44:51,028 INFO [ImapServer-13] [name=NAME@SERVER;ip=X.X.X.MAIL;oip=X.X.X.FIREWALL;] imap - selected folder Drafts

What is interesting for me is this "mechanism=PLAIN", although SMTP secure connection is set to TLS.
I must make some correction: IMAP and POP3 work with TLS or SSL only (which is logical), but SMTP works without security or with SSL only (TLS doesn't work, which doesn't make sense for me).
How is this possible? MTA settings for "Enable Authentication" and "TLS authentication only" are on.

[tim_ba]

After I put client authentication on, I have the following:
- IMAP and POP3 work with TLS or SSL only (which is logical),
- SMTP works with SSL only (TLS doesn't work, which doesn't make sense for me, and SMTP without security receives "Relay access denied" message in Thunderbird).