Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
  #1 (permalink)  
Old 03-09-2007, 11:17 AM
nexus nexus is offline
Member
 
Join Date: Jul 2006
Posts: 10
nexus is on a distinguished road
Default SMTP SSL Problem

Installed my commercial cert which was a pain but it finally got done. https works for the web interface, imap and pop work across ssl. smtp however is a different story.

my log shows a bunch of this

Mar 9 11:06:09 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:06:48 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:06:48 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:06:48 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:06:49 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:02 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:49 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:49 mail postfix/smtpd[2697]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:49 mail postfix/smtpd[1231]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:07:49 mail postfix/smtpd[2697]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:08:02 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:08:08 mail postfix/smtpd[3800]: warning: TLS library problem: 3800:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
Mar 9 11:08:20 mail postfix/smtpd[3899]: warning: TLS library problem: 3899:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
Mar 9 11:09:03 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:09:04 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:09:04 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:09:04 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:09:04 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:04 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:04 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:05 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:05 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:05 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:05 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:10:12 mail postfix/smtpd[4729]: warning: TLS library problem: 4729:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
Mar 9 11:11:05 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:11:19 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:11:19 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:11:19 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
Mar 9 11:11:19 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]


Any idea? I've searched. I've tried all the posted ideas. Nothing.
Reply With Quote
  #2 (permalink)  
Old 03-09-2007, 03:57 PM
jholder's Avatar
jholder jholder is offline
Zimbra Employee
 
Join Date: Oct 2005
Location: San Mateo, CA
ZCS Version: 5.0.5 RHEL4 64-bit GA
Posts: 5,409
jholder is on a distinguished road
Send a message via Yahoo to jholder
Default

Try regenerating your certificates. You can find this in the wiki.
__________________
Reply With Quote
  #3 (permalink)  
Old 03-09-2007, 05:16 PM
nexus nexus is offline
Member
 
Join Date: Jul 2006
Posts: 10
nexus is on a distinguished road
Default

I can't regenerate my certificates. They are issued by a higher authority. What I need is for them to work with the mta like they work with everything else. I'm baffled by why this is so difficult to get working.
Reply With Quote
  #4 (permalink)  
Old 03-09-2007, 08:31 PM
kirme3 kirme3 is offline
Special Member
 
Join Date: Apr 2006
Location: Illinois
ZCS Version: Release 4.5.11_GA_1751.MACOSX, Zimbra, Inc.
Posts: 168
kirme3 is on a distinguished road
Default

Are you wanting to use TLS on port 25 or ssl on port 465?
Reply With Quote
  #5 (permalink)  
Old 03-12-2007, 01:36 PM
m.a.g. m.a.g. is offline
Member
 
Join Date: Jul 2006
Location: Zurich, Switzerland
ZCS Version: 5.0.2_GA_1975_DEBIAN4.0
Posts: 28
m.a.g. is on a distinguished road
Default

In /var/log/zimbra.log I have entries containing:
Code:
Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: cannot get private key from file /opt/zimbra/conf/smtpd.key
Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: TLS library problem: 7799:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: TLS library problem: 7799:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:401:
Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: TLS library problem: 7799:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
Mar 12 21:22:30 mail postfix/smtpd[7799]: cannot load RSA certificate and key data
I'm running Zimbra Open Source Edition on Debian 3.1, and use SMTP over SSL on port 465. It used to work with 4.0.5, but after upgrading to 4.5.3, it's no longer working. In the Admin-Interface I have Authentication and secure Authentication enabled, but I can only send emails when I use SMTP on port 25 without authentication (even when the boxes are checked). Secure IMAP is enabled as well, and works very well.

After the upgrade I had to replace smtpd.key and smtpd.crt and the keystore as well. Permissions are set exactly the same as they were before the upgrade. Regenerating the cert is not possible, since it is a commercial one. And it used to be fine before the upgrade and it is still working IMAPS and https-Access to the webmail.

What got broken during upgrade? What did I miss?
Thanks a lot for your help.
Reply With Quote
  #6 (permalink)  
Old 03-14-2007, 01:45 PM
m.a.g. m.a.g. is offline
Member
 
Join Date: Jul 2006
Location: Zurich, Switzerland
ZCS Version: 5.0.2_GA_1975_DEBIAN4.0
Posts: 28
m.a.g. is on a distinguished road
Default

Doesn't anybody have a solution?

This error doesn't let me use Zimbra as the productive system...

Thank you.
Reply With Quote
  #7 (permalink)  
Old 03-14-2007, 11:28 PM
jholder's Avatar
jholder jholder is offline
Zimbra Employee
 
Join Date: Oct 2005
Location: San Mateo, CA
ZCS Version: 5.0.5 RHEL4 64-bit GA
Posts: 5,409
jholder is on a distinguished road
Send a message via Yahoo to jholder
Default

Have a look here:
http://archives.neohapsis.com/archiv...3-12/0450.html
__________________
Reply With Quote
  #8 (permalink)  
Old 03-15-2007, 05:46 AM
m.a.g. m.a.g. is offline
Member
 
Join Date: Jul 2006
Location: Zurich, Switzerland
ZCS Version: 5.0.2_GA_1975_DEBIAN4.0
Posts: 28
m.a.g. is on a distinguished road
Default

That was the thing to do! It's working now ;-)

What I do not understand: did this change with the update to 4.5.3? It was working before with 4.0.5...

Thank you very much for your help!!!
Reply With Quote
  #9 (permalink)  
Old 03-15-2007, 07:26 AM
jholder's Avatar
jholder jholder is offline
Zimbra Employee
 
Join Date: Oct 2005
Location: San Mateo, CA
ZCS Version: 5.0.5 RHEL4 64-bit GA
Posts: 5,409
jholder is on a distinguished road
Send a message via Yahoo to jholder
Default

I don't know. This is the first instance I've seen of this.

Glad it's working

-john
__________________
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
need advice on configuring zimbra to work with fax server pheonix1t Administrators 0 07-11-2007 07:46 PM
Attachment problem - can't send e-mails via SMTP with attachments (Thunderbird) jannik.sueltz Administrators 0 03-26-2007 03:12 AM
Is it started or not kwelipatton Installation 10 03-28-2006 10:11 PM
external ldap authentication over SSL problem eyablon Administrators 1 02-16-2006 03:08 PM
SMTP SSL error robroadie Administrators 19 11-10-2005 10:58 AM


freshmeat.net sourceforge.net The best Java IDE



 

Search Engine Optimization by vBSEO 3.0.0