SMTP SSL Problem

[nexus]

Installed my commercial cert which was a pain but it finally got done. https works for the web interface, imap and pop work across ssl. smtp however is a different story.

my log shows a bunch of this

Mar 9 11:06:09 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:06:48 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:06:48 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:06:48 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:06:49 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:02 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:49 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:49 mail postfix/smtpd[2697]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:49 mail postfix/smtpd[1231]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:49 mail postfix/smtpd[2697]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:08:02 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:08:08 mail postfix/smtpd[3800]: warning: TLS library problem: 3800:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
Mar 9 11:08:20 mail postfix/smtpd[3899]: warning: TLS library problem: 3899:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
Mar 9 11:09:03 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:09:04 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:09:04 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:09:04 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:09:04 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:04 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:04 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:05 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:05 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:05 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:05 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:12 mail postfix/smtpd[4729]: warning: TLS library problem: 4729:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
Mar 9 11:11:05 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:11:19 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:11:19 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:11:19 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:11:19 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]


Any idea? I've searched. I've tried all the posted ideas. Nothing.

[jholder]

Try regenerating your certificates. You can find this in the wiki.

[nexus]

I can't regenerate my certificates. They are issued by a higher authority. What I need is for them to work with the mta like they work with everything else. I'm baffled by why this is so difficult to get working.

[kirme3]

Are you wanting to use TLS on port 25 or ssl on port 465?

[m.a.g.]

In /var/log/zimbra.log I have entries containing:

Code:

Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: cannot get private key from file /opt/zimbra/conf/smtpd.key
Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: TLS library problem: 7799:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: TLS library problem: 7799:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:401:
Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: TLS library problem: 7799:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
Mar 12 21:22:30 mail postfix/smtpd[7799]: cannot load RSA certificate and key data

I'm running Zimbra Open Source Edition on Debian 3.1, and use SMTP over SSL on port 465. It used to work with 4.0.5, but after upgrading to 4.5.3, it's no longer working. In the Admin-Interface I have Authentication and secure Authentication enabled, but I can only send emails when I use SMTP on port 25 without authentication (even when the boxes are checked). Secure IMAP is enabled as well, and works very well.

After the upgrade I had to replace smtpd.key and smtpd.crt and the keystore as well. Permissions are set exactly the same as they were before the upgrade. Regenerating the cert is not possible, since it is a commercial one. And it used to be fine before the upgrade and it is still working IMAPS and https-Access to the webmail.

What got broken during upgrade? What did I miss?
Thanks a lot for your help.

[m.a.g.]

Doesn't anybody have a solution?

This error doesn't let me use Zimbra as the productive system...

Thank you.

[jholder]

Have a look here:
http://archives.neohapsis.com/archiv...3-12/0450.html

[m.a.g.]

That was the thing to do! It's working now ;-)

What I do not understand: did this change with the update to 4.5.3? It was working before with 4.0.5...

Thank you very much for your help!!!

[jholder]

I don't know. This is the first instance I've seen of this.

Glad it's working

-john