Thread: TLS not working?

  1. #1
    3RiversTechAdmin, Special Member

    TLS not working?

    Hey everyone,
    Sorry this is a repost, but I had no response on the admin board.

    I am having a problem with SMTP with TLS.
    I can send messages using SMTP with no TLS just fine, but when I enable it, Thunderbird complains:
    Sending of message failed.

    An error occurred sending mail: Unable to connect to SMTP server
    via STARTTLS since it doesn't offer STARTTLS In EHLO reponse. Please verify that your
    Mail/News account settings are correct and try again.
    and I see this in the zimbra.log
    Nov 30 13:41:00 localhost postfix/smtpd[7432]: connect from unknown[192.168.X.XX]
    Nov 30 13:41:04 localhost postfix/smtpd[7608]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
    Nov 30 13:41:04 localhost postfix/smtpd[7608]: warning: TLS library problem: 7608:error:02001002:system library:fopen:No such file or directory:bss_file.c:278:fopen('/opt/zimbra/conf/smtpd.crt','r'):
    Nov 30 13:41:04 localhost postfix/smtpd[7608]: warning: TLS library problem: 7608:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
    Nov 30 13:41:04 localhost postfix/smtpd[7608]: warning: TLS library problem: 7608:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:760:
    Nov 30 13:41:04 localhost postfix/smtpd[7608]: cannot load RSA certificate and key data
    ...
    Nov 30 13:41:11 localhost postfix/smtpd[7432]: lost connection after STARTTLS from unknown[192.168.X.XX]
    Nov 30 13:41:11 localhost postfix/smtpd[7432]: disconnect from unknown[192.168.X.XX]

    Also, the above was all internal; my server is currently using the old mail server as a relay host. When I attempt to telnet into 25 on the new server it will work locally, but not from the outside. If I do a port scan my port 25 appears to be open. Any ideas on these issues would sincerely be appreciated.

    P.S. My certs right now match hostname.domainname.com, but I want them to be for mail.domainname.com, has anyone done this before?
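
Added example, not part of the original post: a shell triage for the symptom above. It pulls the certificate path that smtpd could not load out of the log, classifies that file as seen by the user running the script, and checks whether an EHLO reply advertises STARTTLS. The function names are hypothetical and the sample log is constructed from two of the lines quoted in the post.

```shell
#!/bin/sh
# Added example: triage for "server doesn't offer STARTTLS" from the Postfix log.
# All function names are hypothetical; the sample data is constructed.

# Print each distinct file smtpd reported it could not load a certificate from.
failed_cert_paths() {
    sed -n 's|.*postfix/smtpd\[[0-9]*]: warning: cannot get certificate from file \(.*\)$|\1|p' "$1" | sort -u
}

# Classify a certificate or key file as seen by the user running this script.
check_tls_file() {
    if [ ! -e "$1" ]; then echo "missing"
    elif [ ! -r "$1" ]; then echo "unreadable"
    elif [ ! -s "$1" ]; then echo "empty"
    elif ! grep -q -- '-----BEGIN ' "$1"; then echo "not-pem"
    else echo "ok"
    fi
}

# Succeed only if an EHLO reply read from stdin advertises STARTTLS.
ehlo_offers_starttls() {
    tr -d '\r' | grep -Eiq '^250[- ]STARTTLS$'
}

# Report every failing path found in a log as "<path>: <status>".
diagnose_log() {
    failed_cert_paths "$1" | while IFS= read -r path; do
        printf '%s: %s\n' "$path" "$(check_tls_file "$path")"
    done
}

# Constructed sample: two of the log lines quoted in the post.
sample_log() {
    cat <<'EOF'
Nov 30 13:41:04 localhost postfix/smtpd[7608]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
Nov 30 13:41:04 localhost postfix/smtpd[7608]: cannot load RSA certificate and key data
EOF
}

# Demo: write the sample to a temp file and diagnose it.
tmp=$(mktemp) && sample_log > "$tmp" && diagnose_log "$tmp"; rm -f "$tmp"
```

To use it on a live system, pass the real log file to diagnose_log and pipe a captured EHLO reply from the server into ehlo_offers_starttls.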

  2. #2
    phoenix, Zimbra Consultant & Moderator

    Quote, originally posted by 3RiversTechAdmin:
        Hey everyone,
        Sorry this is a repost, but I had no response on the admin board.

    I think an hour and seven minutes is rather a short time to wait before duplicating a post - please don't do it. I'll delete the other one in the Admin forum.
    Regards


    Bill



  3. #3
    dkarp, Zimbra Employee

    Debian?

    If you're on Debian, have you checked to make sure you don't have permission problems?

  4. #4
    3RiversTechAdmin, Special Member

    Permissions (I think) are a non-issue

    Quote, originally posted by dkarp:
        If you're on Debian, have you checked to make sure you don't have permission problems?

    Everything looks alright, I ran zmfixpermissions to be sure, to no avail. I am running Ubuntu 6.06 Server, so yes, basically Debian. Any further ideas you might have would be great.

  5. #5
    jholder, Former Zimbran

    Are you running 4.0.4?

  6. #6
    3RiversTechAdmin, Special Member

    Quote, originally posted by wannabetenor:
        Are you running 4.0.4?

    I'm running Zimbra version 4.0.2_GA_362.DEBIAN3.1 Sep 22, 2006
    and Linux version 2.6.15-27-server #1 SMP
    (Ubuntu 6.06 LTS Server)

    Everything besides the above stated issues is working great...

  7. #7
    tim_ba, Active Member

    This is an old thread, but I have the same problem with Zimbra 5.0.14 FOSS and Thunderbird 2.0.21:
    Sending of message failed.
    An error occurred sending mail: Unable to connect to SMTP server via STARTTLS since it doesn't offer STARTTLS In EHLO reponse. Please verify that your Mail/News account settings are correct and try again.

    This surely is not a bug, it's about some configuration.
    IMAP and POP3 work with TLS or SSL only, but SMTP works without TLS or SSL only. I'm using a local certificate.

    [zimbra@server ~]$ postconf mynetworks
    mynetworks = 127.0.0.0/8 X.X.X.X/27 10.0.0.0/8
    X.X.X.X/27 refers to public IP addresses, where Zimbra is, and 10.0.0.0/8 refers to private LAN addresses where the clients are.

    Due to Telnet port change, I had to change Zimbra port, but that should be OK now, there are no errors.

    Any help?

  8. #8
    uxbod, Moderator

  9. #9
    tim_ba, Active Member

    Thank you for your link. I read a lot of posts for this, but I couldn't solve this.
    Now, although Thunderbird error message is the same, when I checked mailbox.log, I found that there are no error messages, but this:

    2009-03-26 18:44:51,023 INFO [ImapServer-13] [] imap - [X.X.X.MAIL] connected
    2009-03-26 18:44:51,024 INFO [ImapServer-13] [ip=X.X.X.MAIL;oip=X.X.X.FIREWALL;] imap - IMAP client identified as: {X-ORIGINATING-IP=X.X.X.FIREWALL}
    2009-03-26 18:44:51,024 INFO [ImapServer-13] [name=NAME@SERVER;ip=X.X.X.MAIL;oip=X.X.X.FIREWALL;] imap - user NAME@SERVER authenticated, mechanism=PLAIN
    2009-03-26 18:44:51,028 INFO [ImapServer-13] [name=NAME@SERVER;ip=X.X.X.MAIL;oip=X.X.X.FIREWALL;] imap - selected folder Drafts

    What is interesting for me is this "mechanism=PLAIN", although SMTP secure connection is set to TLS.
    I must make some correction: IMAP and POP3 work with TLS or SSL only (which is logical), but SMTP works without security or with SSL only (TLS doesn't work, which doesn't make sense for me).
    How is this possible? MTA settings for "Enable Authentication" and "TLS authentication only" are on.

  10. #10
    tim_ba, Active Member

    After I put client authentication on, I have the following:
    - IMAP and POP3 work with TLS or SSL only (which is logical),
    - SMTP works with SSL only (TLS doesn't work, which doesn't make sense for me, and SMTP without security receives "Relay access denied" message in Thunderbird).
