
Thread: [SOLVED] Unable to send mail via SMTP+TLS+Auth

  1. #1
    Join Date
    Apr 2007
    Location
    NSW, Australia
    Posts
    38
    Rep Power
    8

    Default [SOLVED] Unable to send mail via SMTP+TLS+Auth

    First of all, this is a 4.5.9 Ubuntu installation. I can send via the web interface so the underlying MTA is ok.

    However, I have SMTP auth and TLS switched on. I have followed the wiki article to generate some new self-signed certs so they reflect my domains etc. However, since doing this, whenever I send a message using a Thunderbird mail client I get the following in the logs:

    Code:
    Nov 20 13:58:40 node postfix/smtpd[1544]: connect from remote.server.name[1.2.3.4]
    Nov 20 13:58:40 node postfix/smtpd[1544]: setting up TLS connection from remote.server.name[1.2.3.4]
    Nov 20 13:58:41 node postfix/smtpd[1544]: TLS connection established from remote.server.name[1.2.3.4]: TLSv1 with cipher AES128-SHA (128/128 bits)
    Nov 20 13:58:41 node postfix/master[797]: warning: process /opt/zimbra/postfix-2.2.9/libexec/smtpd pid 1544 killed by signal 11
    Nov 20 13:58:41 node postfix/master[797]: warning: /opt/zimbra/postfix-2.2.9/libexec/smtpd: bad command startup -- throttling

    ...and when using Apple mail I see the following log lines:

    Code:
    Nov 20 13:59:04 node postfix/smtpd[1151]: connect from remote.server.name[1.2.3.4]
    Nov 20 13:59:04 node postfix/smtpd[1151]: setting up TLS connection from remote.server.name[1.2.3.4]
    Nov 20 13:59:09 node postfix/smtpd[1151]: SSL_accept error from remote.server.name[1.2.3.4]: 0
    Nov 20 13:59:09 node postfix/smtpd[1151]: warning: TLS library problem: 1151:error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied:s3_pkt.c:1057:SSL alert number 49:
    Nov 20 13:59:09 node postfix/smtpd[1151]: lost connection after STARTTLS from remote.server.name[1.2.3.4]
    Nov 20 13:59:09 node postfix/smtpd[1151]: disconnect from remote.server.name[1.2.3.4]

    I couldn't find anything else that indicates a problem - as stated at the top, the web interface works fine. Stumped and totally unsure of how to proceed. Anyone seen this before?

  2. #2
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Hi Cent-
    Have you had a look at this thread:
    http://www.zimbra.com/forums/adminis...-smtp-tls.html

    Looks like there might be a utility that might help. Let me know if you've already tried it, and we'll try something else.

  3. #3
    Join Date
    Apr 2007
    Location
    NSW, Australia
    Posts
    38
    Rep Power
    8

    Default

    Followed that thread through which ended up here. However, in those instructions, the following command failed on my system:

    Code:
    root@node:~# cp /opt/zimbra/ssl/ssl/server/tomcat.pem /opt/zimbra/conf/smtpd.crt
    cp: cannot stat `/opt/zimbra/ssl/ssl/server/tomcat.pem': No such file or directory

    Regardless, I restarted zimbra and now get:

    Code:
    Nov 20 14:38:52 node postfix/smtpd[20409]: warning: cannot get private key from file /opt/zimbra/conf/smtpd.key
    Nov 20 14:38:52 node postfix/smtpd[20409]: warning: TLS library problem: 20409:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399:
    Nov 20 14:38:52 node postfix/smtpd[20409]: cannot load RSA certificate and key data

    ...which I expected. So I redeployed the mta certificate as per the original wiki article and now am back to the original error. Strangely the "starttls" command returns a 220:

    Code:
    $ telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 node.gray.net.au ESMTP Postfix
    ehlo localhost
    250-node.gray.net.au
    250-PIPELINING
    250-SIZE 10485760
    250-VRFY
    250-ETRN
    250-STARTTLS
    250 8BITMIME
    STARTTLS
    220 Ready to start TLS

    I've googled this up the whazoo for 48 hours now, and still can't find any answers.

  4. #4
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    Looks like you installed the cert without the key. Make sure you've installed the smtpd cert/key completely (per the wiki):

    Code:
    zmcertinstall mta /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/ssl/ssl/server/server.key
    postfix reload

  5. #5
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    BTW, everyone should be glad to know that certificate management can now be done via the Admin Console starting in 5.0.0_RC2 with some simplified wizards.

  6. #6
    Join Date
    Apr 2007
    Location
    NSW, Australia
    Posts
    38
    Rep Power
    8

    Red face

    Yes - did that step again, and verified the key+cert matched etc using openssl. However I still have the same problem.

    I really can't afford too much more downtime, so I'm migrating to ZCS 5.0RC1 on a spare system to see if that can be coaxed to life.

    Will keep you posted....

    -- James
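
Added example (not part of any post in this thread): the `key values mismatch` warning in post #3 and the openssl check mentioned in post #6 both come down to whether the certificate and the private key carry the same public key. This sketch compares the two with the openssl CLI and works for any key type; the helper names `pub_digest` and `cert_key_match` are made up here, and the paths in the usage comment are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: check that a PEM certificate and a PEM private key belong
# together. Postfix logs "X509_check_private_key:key values mismatch" when
# they do not. Helper names are hypothetical, not Zimbra or Postfix tools.

# Print the SHA-256 digest of the public key held in a certificate or key.
# $1 = "cert" or "key", $2 = file. Returns 2 if the file cannot be parsed.
pub_digest() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) ;;
        # -passin pass: makes an encrypted key fail instead of prompting;
        # the key Postfix loads has to be unencrypted anyway.
        key)  pem=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 2
    # Re-encode to DER so PEM formatting differences cannot affect the digest.
    printf '%s\n' "$pem" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 \
        | awk '{print $NF}'
}

# $1 = certificate, $2 = private key.
# Returns 0 on match, 1 on mismatch, 2 if either file is unreadable.
cert_key_match() {
    c=$(pub_digest cert "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    k=$(pub_digest key "$2")  || { echo "cannot read private key: $2" >&2; return 2; }
    if [ "$c" = "$k" ]; then
        echo "match: $c"
    else
        echo "MISMATCH: cert=$c key=$k" >&2
        return 1
    fi
}

# Usage with the paths from the thread:
#   sh check.sh /opt/zimbra/conf/smtpd.crt /opt/zimbra/conf/smtpd.key
if [ "$#" -eq 2 ]; then
    cert_key_match "$1" "$2"
fi
```

A match only rules out the mismatch error from post #3; it says nothing about the signal 11 crash or the TLS alert in the first post.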

  7. #7
    Join Date
    Apr 2007
    Location
    NSW, Australia
    Posts
    38
    Rep Power
    8

    Default

    Brilliant...can't upgrade from 4.5.9GA -> 5.0.0RC1. See here for why. So now I'm stuffed.

  8. #8
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Can you disable tls for smtp auth for the interim while you figure it out?

  9. #9
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Are you a Network Edition Customer? If so, by all means, please contact support! I can give them a heads up if you want.

  10. #10
    Join Date
    Apr 2007
    Location
    NSW, Australia
    Posts
    38
    Rep Power
    8

    Default

    Ok - nothing to lose, so did a virgin installation of 4.5.9GA. Ran through the SSL self-signed certificate procedures verbatim. However, I am back to the same problem I have in the original post.

    Is this a bug in 4.5.9? Is there a step missing or incorrect in that procedure??
