Thread: tls auth only?

  1. #1
    Join Date
    Sep 2005
    Location
    Calgary
    Posts
    208
    Rep Power
    10

    tls auth only?

    I have tls auth only checked in both server and global settings. I have started and stopped the zimbra server using
    zmcontrol stop
    zmcontrol start

    When I try to log in to Zimbra SMTP with
    username king@canmail.org
    and password xxxxxx

    using the Mozilla TLS setting for the outgoing SMTP server, first I get asked to accept the cert and I click "accept this session only"; then Mozilla keeps asking for the username and password over and over again, giving me this error in the logs:

    Oct 8 05:39:57 mx1 postfix/smtpd[12343]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: SASL authentication failure: Password verification failed
    Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: computerking.ca[68.146.204.152]: SASL PLAIN authentication failed
    Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: computerking.ca[68.146.204.152]: SASL LOGIN authentication failed

    When trying to auth using SSL I get rejected by Zimbra and there is nothing in the logs.

    Using the Mozilla "no TLS" setting for the outgoing SMTP server I can send mail; it does not seem to be using TLS to connect to Zimbra/Postfix. The log is below. Why is the tls auth setting not working?

    Oct 8 05:30:51 mx1 postfix/smtpd[29792]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 8 05:31:31 mx1 postfix/smtpd[29792]: connect from computerking.ca[68.146.204.152]
    Oct 8 05:31:33 mx1 postfix/smtpd[29792]: 724E0F0C67: client=computerking.ca[68.146.204.152]
    Oct 8 05:31:33 mx1 postfix/cleanup[3250]: 724E0F0C67: message-id=<43480F9A.8060106@canmail.org>
    Oct 8 05:31:33 mx1 postfix/qmgr[29698]: 724E0F0C67: from=<king@canmail.org>, size=616, nrcpt=1 (queue active)
    Oct 8 05:31:33 mx1 postfix/smtpd[29792]: disconnect from computerking.ca[68.146.204.152]
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Connecting to LDAP host
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) connect_to_ldap: connected to canmail.org
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) connect_to_ldap: bind uid=zimbra,cn=admins,cn=zimbra succeeded
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ESMTP::10024 /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081: <king@canmail.org> -> <skinnman@yahoo.com> Received: SIZE=616 from mx1.canmail.org ([127.0.0.1]) by localhost (mx1.canmail.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27081-01 for <skinnman@yahoo.com>; Sat, 8 Oct 2005 05:31:33 -0700 (MST)
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) body hash: a7c25e3139e573937a894f529f759803
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Checking: F4dUOaooicuW [68.146.204.152] <king@canmail.org> -> <skinnman@yahoo.com>
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) p001 1 Content-Type: text/plain, size: 17 B, name:
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Checking for banned types and filenames
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) collect banned table[0]: skinnman@yahoo.com, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0xa2b7f74)
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) p.path skinnman@yahoo.com: "P=p001,L=1,M=text/plain,T=asc"
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Using ClamAV-clamd: (built-in interface)
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) Using (ClamAV-clamd) on dir: CONTSCAN /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081/parts\n
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ClamAV-clamd: Connecting to socket 127.0.0.1:3310
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ClamAV-clamd: Sending CONTSCAN /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081/parts\n to INET socket 127.0.0.1:3310
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ask_av (ClamAV-clamd): /opt/zimbra/amavisd/tmp/amavis-20051008T053133-27081/parts CLEAN
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) ClamAV-clamd result: clean
    Oct 8 05:31:33 mx1 amavis[27081]: (27081-01) spam_scan: hits=-1.764 tests=[AWL=-0.012,BAYES_00=-2.599,DATE_IN_FUTURE_03_06=0.847]
    Oct 8 05:31:33 mx1 postfix/smtpd[3269]: initializing the server-side TLS engine
    Oct 8 05:31:34 mx1 postfix/smtpd[3269]: connect from localhost.localdomain[127.0.0.1]
    Oct 8 05:31:34 mx1 amavis[27081]: (27081-01) AUTH not needed, user='', MTA offers ''
    Oct 8 05:31:34 mx1 postfix/smtpd[3269]: 19D54F0C68: client=localhost.localdomain[127.0.0.1]
    Oct 8 05:31:34 mx1 amavis[27081]: (27081-01) response to RCPT TO for <skinnman@yahoo.com>: "250 Ok"
    Oct 8 05:31:34 mx1 postfix/cleanup[3250]: 19D54F0C68: message-id=<43480F9A.8060106@canmail.org>
    Oct 8 05:31:35 mx1 postfix/smtpd[3269]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 8 05:31:35 mx1 postfix/qmgr[29698]: 19D54F0C68: from=<king@canmail.org>, size=1053, nrcpt=1 (queue active)
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) FWD via SMTP: <king@canmail.org> -> <skinnman@yahoo.com>, 250 2.6.0 Ok, id=27081-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 19D54F0C68
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) Passed CLEAN, [68.146.204.152] [68.146.204.152] <king@canmail.org> -> <skinnman@yahoo.com>, Message-ID: <43480F9A.8060106@canmail.org>, mail_id: F4dUOaooicuW, Hits: -1.764, 1670 ms
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) TIMING [total 1677 ms] - ldap-prepare: 7 (0%)0, SMTP EHLO: 23 (1%)2, SMTP pre-MAIL: 3 (0%)2, mkdir tempdir: 2 (0%)2, create email.txt: 1 (0%)2, ldap-connect: 19 (1%)3, lookup_ldap: 51 (3%)6, SMTP pre-DATA-flush: 3 (0%)6, SMTP DATA: 1 (0%)6, body_hash: 2 (0%)7, gen_mail_id: 1 (0%)7, mkdir parts: 1 (0%)7, mime_decode: 22 (1%)8, get-file-type1: 17 (1%)9, decompose_part: 2 (0%)9, parts_decode: 0 (0%)9, AV-scan-1: 13 (1%)10, spam-wb-list: 4 (0%)10, SA msg read: 1 (0%)10, SA parse: 3 (0%)10, SA check: 262 (16%)26, update_cache: 3 (0%)26, deal_with_mail_size: 1 (0%)26, fwd-connect: 43 (3%)29, fwd-mail-from: 66 (4%)33, fwd-rcpt-to: 38 (2%)35, write-header: 4 (0%)35, fwd-data: 0 (0%)35, fwd-data-end: 1052 (63%)98, fwd-rundown: 5 (0%)98, main_log_entry: 26 (2%)100, update_snmp: 2 (0%)100, unlink-1-files: 1 (0%)100, rundown: 1 (0%)100
    Oct 8 05:31:35 mx1 postfix/smtp[3251]: 724E0F0C67: to=<skinnman@yahoo.com>, relay=127.0.0.1[127.0.0.1], delay=4, status=sent (250 2.6.0 Ok, id=27081-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 19D54F0C68)
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) extra modules loaded: Net/LDAP/Bind.pm
    Oct 8 05:31:35 mx1 amavis[27081]: (27081-01) load: 99 %, total idle 0.018 s, busy 1.666 s
    Oct 8 05:31:35 mx1 postfix/qmgr[29698]: 724E0F0C67: removed
    Oct 8 05:31:36 mx1 postfix/smtp[3323]: 19D54F0C68: to=<skinnman@yahoo.com>, relay=mx1.mail.yahoo.com[4.79.181.14], delay=2, status=sent (250 ok dirdel)
    Oct 8 05:31:36 mx1 postfix/qmgr[29698]: 19D54F0C68: removed
    Oct 8 05:31:39 mx1 postfix/smtpd[29792]: connect from localhost.localdomain[127.0.0.1]
    Oct 8 05:31:39 mx1 postfix/smtpd[29792]: disconnect from localhost.localdomain[127.0.0.1]
    Computer King

    http://www.computerking.ca

    Sales, Service, and Hosting
    Email, Data, and Web Packages
    Ask about web design specials

    Affiliates
    http://www.computerking.ca/pages/lin...affiliates.htm
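
A log check for the symptoms in the post above, as an added example that is not part of the original thread: it counts SASL failures per client IP and classifies each accepted message by whether the session logged a SASL login and a TLS handshake. It assumes Postfix appends `sasl_method=`/`sasl_username=` to the `client=` line of authenticated sessions and logs "TLS connection established from" when `smtpd_tls_loglevel` is 1 or higher; `audit` and its counter names are hypothetical.

```python
import re
from collections import defaultdict

# The first six lines are copied from the logs posted above; the last two are
# constructed to show an authenticated submission over TLS.
SAMPLE = """\
Oct 8 05:31:31 mx1 postfix/smtpd[29792]: connect from computerking.ca[68.146.204.152]
Oct 8 05:31:33 mx1 postfix/smtpd[29792]: 724E0F0C67: client=computerking.ca[68.146.204.152]
Oct 8 05:31:33 mx1 postfix/smtpd[29792]: disconnect from computerking.ca[68.146.204.152]
Oct 8 05:31:34 mx1 postfix/smtpd[3269]: 19D54F0C68: client=localhost.localdomain[127.0.0.1]
Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: computerking.ca[68.146.204.152]: SASL PLAIN authentication failed
Oct 8 05:40:34 mx1 postfix/smtpd[29792]: warning: computerking.ca[68.146.204.152]: SASL LOGIN authentication failed
Oct 8 06:00:01 mx1 postfix/smtpd[4001]: TLS connection established from client.example[192.0.2.10]: TLSv1 with cipher AES256-SHA (256/256 bits)
Oct 8 06:00:02 mx1 postfix/smtpd[4001]: ABCDEF0123: client=client.example[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.org
"""

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
PEER = r"\S+\[([0-9A-Fa-f.:]+)\]"
TLS_UP = re.compile(r"TLS connection established from " + PEER)
SASL_FAIL = re.compile(PEER + r": SASL \S+ authentication failed")
ACCEPT = re.compile(r"[0-9A-F]+: client=" + PEER + r"(.*)$")
LOCAL = {"127.0.0.1", "::1"}

def audit(log_text):
    """Count, per remote IP, SASL failures and how each accepted message arrived."""
    tls_pids = set()  # smtpd PIDs whose current session logged a TLS handshake
    report = defaultdict(lambda: {"sasl_failures": 0, "no_auth": 0,
                                  "auth_without_tls": 0, "auth_over_tls": 0})
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if TLS_UP.search(msg):
            tls_pids.add(pid)
        elif msg.startswith("disconnect from"):
            tls_pids.discard(pid)  # one smtpd process serves many sessions
        elif (f := SASL_FAIL.search(msg)):
            report[f.group(1)]["sasl_failures"] += 1
        elif (a := ACCEPT.match(msg)) and a.group(1) not in LOCAL:
            ip, rest = a.groups()
            if "sasl_username=" not in rest:
                report[ip]["no_auth"] += 1           # accepted with no SASL login
            elif pid in tls_pids:
                report[ip]["auth_over_tls"] += 1
            else:
                report[ip]["auth_without_tls"] += 1  # login with no TLS line logged
    return dict(report)
```

Calling `audit(SAMPLE)` reports the posted client under `no_auth`: the message to the Yahoo address was queued on a session that logged neither a SASL login nor a TLS handshake.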

  2. #2
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Is saslauthd running? After you get an auth failure with Thunderbird/Mozilla we've noticed you need to restart it. It goes into a failed auth loop that doesn't seem to be recoverable.

  3. #3
    Join Date
    Sep 2005
    Location
    Calgary
    Posts
    208
    Rep Power
    10

    seems to be running

    [zimbra@mx1 rmvg]$ ps -auxx | grep saslauthd
    Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
    zimbra 28859 0.0 0.2 5332 1744 ? Ss 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 28860 0.0 0.2 5332 1744 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 28861 0.0 0.2 5332 1744 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 28862 0.0 0.2 5332 1748 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 28863 0.0 0.2 5332 1748 ? S 05:25 0:00 /opt/zimbra/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    zimbra 10007 0.0 0.0 3728 644 pts/5 R+ 07:34 0:00 grep saslauthd

  4. #4
    Join Date
    Sep 2005
    Posts
    274
    Rep Power
    10

    do you have more than one domain?

    This could be related to:

    http://www.zimbra.com/forums/showpos...54&postcount=5

    If you are running more than one domain, and logging into the non-default domain.

  5. #5
    Join Date
    Sep 2005
    Location
    Calgary
    Posts
    208
    Rep Power
    10

    I made the recommendations below, adding a -r to zmsaslauthdctl; going to test it later today from work. What do you mean about auth loop? Does this mean that every time someone tries to log in with, say for instance, the wrong password, no one else will be able to log in until I restart saslauthd?

    Quote Originally Posted by KevinH
    Is saslauthd running? After you get an auth failure with Thunderbird/Mozilla we've noticed you need to restart it. It goes into a failed auth loop that doesn't seem to be recoverable.

  6. #6
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    I meant restart Thunderbird.

  7. #7
    Join Date
    Sep 2005
    Location
    Calgary
    Posts
    208
    Rep Power
    10

    Sorry Kevin, I gotta learn to read.

    I am still having problems even after adding the -r option. Arrgh, I will try turning off TLS for now, but I need that feature.

    I am really short on time right now.

    P.S. I am on Outlook now, not Mozilla.

  8. #8
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Short on time... Taking this live soon?

    Can you post the /var/mail/zimbra.log result when you try your test? I assume you've restarted saslauthd after you added the -r, right?
