Results 1 to 9 of 9

Thread: SMTP SSL Problem

  1. #1
    nexus is offline Member
    Join Date
    Jul 2006
    Posts
    11
    Rep Power
    8

    Default SMTP SSL Problem

    Installed my commercial cert which was a pain but it finally got done. https works for the web interface, imap and pop work across ssl. smtp however is a different story.

    my log shows a bunch of this

    Mar 9 11:06:09 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:06:48 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:06:48 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:06:48 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:06:49 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:07:02 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:07:49 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:07:49 mail postfix/smtpd[2697]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:07:49 mail postfix/smtpd[1231]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:07:49 mail postfix/smtpd[2697]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:08:02 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:08:08 mail postfix/smtpd[3800]: warning: TLS library problem: 3800:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
    Mar 9 11:08:20 mail postfix/smtpd[3899]: warning: TLS library problem: 3899:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
    Mar 9 11:09:03 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:09:04 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:09:04 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:09:04 mail postfix/smtpd[2026]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:09:04 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:10:04 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:10:04 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:10:05 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:10:05 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:10:05 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:10:05 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:10:12 mail postfix/smtpd[4729]: warning: TLS library problem: 4729:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
    Mar 9 11:11:05 mail postfix/smtpd[1209]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:11:19 mail postfix/smtpd[1233]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:11:19 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:11:19 mail postfix/smtpd[2696]: lost connection after STARTTLS from unknown[10.200.2.254]
    Mar 9 11:11:19 mail postfix/smtpd[3800]: lost connection after STARTTLS from unknown[10.200.2.254]


    Any idea? I've searched. I've tried all the posted ideas. Nothing.

  2. #2
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Try regenerating your certificates. You can find this in the wiki.

  3. #3
    nexus is offline Member
    Join Date
    Jul 2006
    Posts
    11
    Rep Power
    8

    Default

    I can't regenerate my certificates. They are issued by a higher authority. What I need is for them to work with the mta like they work with everything else. I'm baffled by why this is so difficult to get working.

  4. #4
    kirme3 is offline Trained Alumni
    Join Date
    Apr 2006
    Location
    Illinois
    Posts
    194
    Rep Power
    9

    Default

    Are you wanting to use TLS on port 25 or ssl on port 465?

  5. #5
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default

    In /var/log/zimbra.log I have entries containing:
    Code:
    Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: cannot get private key from file /opt/zimbra/conf/smtpd.key
    Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: TLS library problem: 7799:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
    Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: TLS library problem: 7799:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:401:
    Mar 12 21:22:30 mail postfix/smtpd[7799]: warning: TLS library problem: 7799:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
    Mar 12 21:22:30 mail postfix/smtpd[7799]: cannot load RSA certificate and key data
    I'm running Zimbra Open Source Edition on Debian 3.1, and use SMTP over SSL on port 465. It used to work with 4.0.5, but after upgrading to 4.5.3, it's no longer working. In the Admin-Interface I have Authentication and secure Authentication enabled, but I can only send emails when I use SMTP on port 25 without authentication (even when the boxes are checked). Secure IMAP is enabled as well, and works very well.

    After the upgrade I had to replace smtpd.key and smtpd.crt and the keystore as well. Permissions are set exactly the same as they were before the upgrade. Regenerating the cert is not possible, since it is a commercial one. And it used to be fine before the upgrade and it is still working IMAPS and https-Access to the webmail.

    What got broken during upgrade? What did I miss?
    Thanks a lot for your help.

  6. #6
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default

    Doesn't anybody have a solution?

    This error doesn't let me use Zimbra as the productive system...

    Thank you.

  7. #7
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

  8. #8
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default

    That was the thing to do! It's working now ;-)

    What I do not understand: did this change with the update to 4.5.3? It was working before with 4.0.5...

    Thank you very much for your help!!!

  9. #9
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    I don't know. This is the first instance I've seen of this.

    Glad it's working

    -john

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. external ldap authentication over SSL problem
    By eyablon in forum Administrators
    Replies: 2
    Last Post: 05-05-2014, 03:44 AM
  2. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  3. Replies: 0
    Last Post: 03-26-2007, 03:12 AM
  4. Is it started or not
    By kwelipatton in forum Installation
    Replies: 10
    Last Post: 03-28-2006, 11:11 PM
  5. SMTP SSL error
    By robroadie in forum Administrators
    Replies: 19
    Last Post: 11-10-2005, 11:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •