| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | | 
11-28-2005, 12:20 PM
| | Zimbra Employee | |
Posts: 4,792
| |
Quote: |
Originally Posted by kevindods We have had similar SMTP probs with clients looping at TLS auth. Has anyone seen a solution? We have bodged to continue playing by selecting tls 'if available' in Thunderbird and not requiring it at the server end, most times this works. Didnt have this problem on beta 1, there was a missing -r in a conf file but its certainly there now!
We will need to clear fedora and start again I think as the prodding has caused some fun and games with other services now - logger failing and most recently MTA not starting. uninstall and reinstall of Zimbra is not curing it. 
Thanks
Kevin |
Have you tried to recreate your SSL certs? |
11-28-2005, 05:47 PM
| | Special Member | |
Posts: 164
| | 
Yes we tried that and have stopped Zimbra services, uninstalled, re-installed and stripping out and reinstalling other services when we got bored ;-) At one point when we ran an update got an odd issue asking to update selinux which was disabled. We have wiped the server 3 times now and installed from scratch following the guidance as laid out but although we have had Zimbra working and behaving ostensibly well, it has never allowed tls sending on this beta (previous was fine) whether from a client on the local network or over the net.
HTTPS web client works fine, used the command line switch detailed in the forums to switch between mixed and https modes. As per forum posts rebuilt certs, checked out LDAP etc . Others seem to have got it working so it must be us somewhere but not worked it out yet. Even tried other FC3 install CDs and a different server and downloaded zimbra tar again incase something odd was in there.
It must be something obvious that we are missing and repeatedly missing so when we do work it out we will post here so that any other users with similar ability to read will have a better chance! ;-)
Kevin  |
11-28-2005, 05:56 PM
| | Zimbra Employee | |
Posts: 4,792
| |
Quote: |
Originally Posted by kevindods Yes we tried that and have stopped Zimbra services, uninstalled, re-installed and stripping out and reinstalling other services when we got bored ;-) At one point when we ran an update got an odd issue asking to update selinux which was disabled. We have wiped the server 3 times now and installed from scratch following the guidance as laid out but although we have had Zimbra working and behaving ostensibly well, it has never allowed tls sending on this beta (previous was fine) whether from a client on the local network or over the net.
HTTPS web client works fine, used the command line switch detailed in the forums to switch between mixed and https modes. As per forum posts rebuilt certs, checked out LDAP etc . Others seem to have got it working so it must be us somewhere but not worked it out yet. Even tried other FC3 install CDs and a different server and downloaded zimbra tar again incase something odd was in there.
It must be something obvious that we are missing and repeatedly missing so when we do work it out we will post here so that any other users with similar ability to read will have a better chance! ;-)
Kevin |
Anything in /var/log/zimbra.log? I know at least a few others had problems with SASL due to a bad url in the config file. |
11-28-2005, 08:48 PM
| | Special Member | |
Posts: 164
| |
only odd thing here seems to be that when recreating the certs and doing:
zmcertinstall mta /opt/zimbra/ssl/ssl/server/smtpd.crt /opt/zimbra/ssl/ssl/ca/ca.key
We get
line 47 print: command not found
Just as a note there seem to be some typos in couple of times the above line has been posted and some include a \ / in the middle.
Seems it is not a unique place to find ourselves, as others have had something similar but I havent seen a solution posted, the threads die out or reckon the cert recreation works. As we have this error at the mta cert creation it does suggest we may be close to a solution. Certainly appears the certs arent being created as expected.
Would be nice to find a solution with a 5th FC3 install ;-)
Any further clues?
Thanks
Kevin |
11-28-2005, 10:45 PM
| | Zimbra Employee | |
Posts: 2,103
| | line 47 error
IIRC, the print errors were bugs I introduced in the error display sections of the script. I don't have it in front of me, but if you took a look at what was happening on line 47, that might give an idea of what's failing. |
11-28-2005, 10:53 PM
| | Zimbra Employee | |
Posts: 2,103
| | line 47
Ok, the line 47 error is trying to complain that the certificate file you gave it on the command line wasn't found.
So, try this:
su - zimbra
sh -x bin/zmcreatecert
Post the results. |
11-29-2005, 04:22 AM
| | Special Member | |
Posts: 164
| |
Hi
I went back to basics and discovered that the required fetchmail also has a dependency of exim too. Didnt notice that before, so the wrong mta was started on port 25 but I wasnt getting a port conflict message up about it.
Uninstalled Zimbra, killed Exim, chkconfig exim off, reinstalled, HTTPS mode and we are back to a state of all working but no TLS offered by the MTA.
Ran the command requested and I have attached the result. Restarted services and checked the problem still existed and it does.
Any further ideas?
The linux techies here tell me if I get this sorted they will take on RH and the network version, they didnt say I shouldnt post here ;-)
Thanks
Kevin
Last edited by kevindods; 11-29-2005 at 04:29 AM..
|
11-29-2005, 08:07 AM
| | Zimbra Employee | |
Posts: 2,103
| | cert install
Ok, the cert creation looked fine.
Try this (all one line):
sh -x bin/zmcertinstall mta /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/ssl/ssl/server/server.key |
11-29-2005, 09:58 AM
| | Special Member | |
Posts: 164
| | that now allows tls
That has moved on to allow us to attempt to log on with tls but the authentication fails - although webclient now works fine.
Zimbra.log contains the info bellow, some errors on the cert still showing:-
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: 0000 16 03 01 00 30 ....0
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: read from 0910EEB8 [0911B34D] (48 bytes => -1 (0xFFFFFFFF))
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: SSL_accept:error in SSLv3 read certificate verify A
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: read from 0910EEB8 [0911B34D] (48 bytes => 48 (0x30))
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: 0000 60 c1 22 40 1d c5 ab 25|8d 87 fb 93 0c ac 64 58 `."@...% ......dX
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: 0010 20 96 b3 22 31 53 5c 5e|bb 6b 81 a9 e6 1f 72 cd .."1S\^ .k....r.
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: 0020 3e 63 23 a6 34 38 4f 16|22 df 8e d2 6f b8 df 9b >c#.48O. "...o...
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: SSL_accept:SSLv3 read finished A
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: SSL_accept:SSLv3 write change cipher spec A
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: SSL_accept:SSLv3 write finished A
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: write to 0910EEB8 [09129510] (59 bytes => 59 (0x3B))
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: 0000 14 03 01 00 01 01 16 03|01 00 30 c6 25 9b d4 fa ........ ..0.%...
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: 0010 b1 f8 83 f8 46 b0 fe 45|02 f2 ce 91 34 71 a7 5e ....F..E ....4q.^
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: 0020 1b 2e 49 1a 83 07 cb 7d|1d 46 87 af b6 84 2c 3a ..I....} .F....,:
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: 0030 10 4c 46 d7 09 c6 84 0a|25 91 11 .LF..... %..
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: SSL_accept:SSLv3 flush data
Nov 29 16:45:48 zimbra postfix/smtpd[11426]: TLS connection established from unknown[85.133.120.65]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Nov 29 16:45:52 zimbra postfix/smtpd[11426]: warning: SASL authentication failure: Password verification failed
Nov 29 16:45:52 zimbra postfix/smtpd[11426]: warning: unknown[85.133.120.65]: SASL PLAIN authentication failed
Nov 29 16:45:52 zimbra postfix/smtpd[11426]: warning: unknown[85.133.120.65]: SASL LOGIN authentication failed
Nov 29 16:45:54 zimbra postfix/smtpd[11426]: lost connection after AUTH from unknown[85.133.120.65]
Nov 29 16:45:54 zimbra postfix/smtpd[11426]: disconnect from unknown[85.133.120.65]
Password is correct, using the web the user authenticates.
Other thing happening is the logger and snmp services wont now start, or if they do appear to start by the time you do a status check they are stopped. Could be unrelated to the certs issue.
Cant see anything in the zimbra.log relating to errors on those services. Is there somewhere I can look to get details on the service errors?
Thanks for the help, seems some movement forward. What I dont yet see is what we have been doing wrong on the install, perhaps when we see what is wrong we can work backwards!
Cheers! |
11-29-2005, 10:58 AM
| | Zimbra Employee | |
Posts: 2,103
| | ssl working
I believe that the ssl portion of the connection is happy - the ssl warnings are due to it being a self-signed cert.
The password verification failure is a different problem - are you using the full user@domain username?
Is SASL logging anything?
As for snmp/logger - check /tmp/swatch.out and /tmp/logswatch.out - perhaps they can't read /var/log/zimbra.log?
For details on why things won't start - run
sh -x bin/zmloggerctl status
or
sh -x bin/zmswatchctl status | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
