I'm running Zimbra 5.0.11 on Ubuntu, Network Edition. I have mobile users who want to use our Zimbra MTA to relay mail to 3rd party destinations using SMTP auth. I believe I have it set up right per the various forum postings:

zimbra@mail:~$ zmprov getServer mail.example.com|grep Auth
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: mail.example.com
zimbraMtaAuthTarget: TRUE
zimbraMtaAuthURL: https://mail.example.com:443/service/soap/
zimbraMtaTlsAuthOnly: TRUE

When I try to use it though, as soon as I specify the mail recipient I get RENEGOTIATING from the smtp server, and no error. (I typically do this using openssl s_client -connect mail.example.com:465 so I can see the details of the SMTP conversation.)

Here's what I see:

220 mail.example.com ESMTP Postfix
EHLO garyo
250-mail.example.com
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 ......
.....
334 .....
.....
235 2.0.0 Authentication successful
MAIL FROM: garyo@somewhere.example.com
250 2.1.0 Ok
RCPT TO: someone@thirdparty.example.com
RENEGOTIATING
depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0


This is weird because first, why does it say RENEGOTIATING when I've authenticated properly? And second, why does it say there is a self-signed cert in the chain? That's not true, it's a bog-standard GoDaddy cert.

Any help?

-- Gary