Firstly, this is a great project - I have been looking for a solution like this for a while. I hope to use Zimbra as the messaging platform component in a community toolset package I am building.

I've got the whole kit running on a dev server (FC3) inside a firewall. I have HTTP access, users can log on via HTTP and send/receive email no problem. Remote clients (I'm using iMail) can connect with IMAP/S and read/write their folders. All good.

I am trying to use Zimbra as SMTP server for remote clients. I am getting an SSL failure when clients connect.

Code:
Nov  8 17:10:11 mx postfix/smtpd[6234]: connect from MY IP
Nov  8 17:10:11 mx postfix/smtpd[6234]: setting up TLS connection from MY IP
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:before/accept initialization
Nov  8 17:10:11 mx postfix/smtpd[6234]: read from 088B5090 [088BF6E0] (11 bytes => -1 (0xFFFFFFFF))
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:error in SSLv2/v3 read client hello A
Nov  8 17:10:11 mx postfix/smtpd[6234]: read from 088B5090 [088BF6E0] (11 bytes => 11 (0xB))
Nov  8 17:10:11 mx postfix/smtpd[6234]: 0000 16 03 01 00 57 01 00 00|53 03 01                 ....W... S..
Nov  8 17:10:11 mx postfix/smtpd[6234]: read from 088B5090 [088BF6EB] (81 bytes => -1 (0xFFFFFFFF))
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:error in SSLv3 read client hello B
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:error in SSLv3 read client hello B
Nov  8 17:10:11 mx postfix/smtpd[6234]: read from 088B5090 [088BF6EB] (81 bytes => 81 (0x51))
Nov  8 17:10:11 mx postfix/smtpd[6234]: 0000 43 70 db f3 ef 31 79 9f|40 4a f7 6b db d0 1b 81  Cp...1y. @J.k....
Nov  8 17:10:11 mx postfix/smtpd[6234]: 0010 71 e9 31 3c 02 e2 c9 7e|4d 1a d9 ec ba f0 21 e5  q.1<...~ M.....!.
Nov  8 17:10:11 mx postfix/smtpd[6234]: 0020 00 00 2c 00 05 00 04 00|0a ff 83 00 09 ff 82 00  ..,..... ........
Nov  8 17:10:11 mx postfix/smtpd[6234]: 0030 03 00 08 00 06 ff 80 00|01 00 16 00 15 00 14 00  ........ ........
Nov  8 17:10:11 mx postfix/smtpd[6234]: 0040 13 00 12 00 11 00 18 00|1b 00 1a 00 17 00 19 01  ........ ........
Nov  8 17:10:11 mx postfix/smtpd[6234]: 0050 - <SPACES/NULLS>
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:SSLv3 read client hello B
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:SSLv3 write server hello A
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:SSLv3 write certificate A
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:SSLv3 write server done A
Nov  8 17:10:11 mx postfix/smtpd[6234]: write to 088B5090 [088CD808] (684 bytes => 684 (0x2AC))

some data is exchanged....

Nov  8 17:10:11 mx postfix/smtpd[6234]: 02a9 - <SPACES/NULLS>
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:SSLv3 flush data
Nov  8 17:10:11 mx postfix/smtpd[6234]: read from 088B5090 [088BF6E0] (5 bytes => -1 (0xFFFFFFFF))
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept:error in SSLv3 read client certificate A
Nov  8 17:10:11 mx postfix/smtpd[6234]: SSL_accept error from MY IP: -1
Nov  8 17:10:11 mx postfix/smtpd[6234]: lost connection after STARTTLS MY IP
Nov  8 17:10:11 mx postfix/smtpd[6234]: disconnect from MY IP

I've been digging around the forums... for example yes, I am using the full user@server.com to connect. I've plans for multiple domains so I edited with the zmsaslauthdctl.

I think that the issue is that my certificate is for localhost.localdomain. I've tried to recreate my certs, but the script still gets localhost.localdomain from running hostname --fqdn. Maybe I should take that out?

Anyway - what thoughts do people have?

/rob
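
The ClientHello bytes that smtpd dumped in the log above can be decoded to see exactly what the client offered before the handshake stopped. This is an added example, not part of the original post; the function names are illustrative, and it assumes the byte the dump elided as <SPACES/NULLS> is 0x00.

```python
import struct

# Hex-dump lines copied from the smtpd log in the post (syslog prefix removed).
DUMP = """\
0000 16 03 01 00 57 01 00 00|53 03 01                 ....W... S..
0000 43 70 db f3 ef 31 79 9f|40 4a f7 6b db d0 1b 81  Cp...1y. @J.k....
0010 71 e9 31 3c 02 e2 c9 7e|4d 1a d9 ec ba f0 21 e5  q.1<...~ M.....!.
0020 00 00 2c 00 05 00 04 00|0a ff 83 00 09 ff 82 00  ..,..... ........
0030 03 00 08 00 06 ff 80 00|01 00 16 00 15 00 14 00  ........ ........
0040 13 00 12 00 11 00 18 00|1b 00 1a 00 17 00 19 01  ........ ........
0050 - <SPACES/NULLS>
"""

def dump_to_bytes(dump):
    """Rebuild the raw bytes from Postfix TLS debug hex-dump lines."""
    out = bytearray()
    for line in dump.splitlines():
        _offset, _, rest = line.partition(" ")
        if rest.startswith("-"):        # trailing bytes elided by the dump
            continue
        hex_part = rest.split("  ")[0]  # ASCII column starts after 2+ spaces
        out += bytes.fromhex(hex_part.replace("|", " "))
    return bytes(out)

def parse_client_hello(raw):
    """Decode the TLS record header and the ClientHello fields behind it."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", raw, 0)
    # Assumption: bytes elided as <SPACES/NULLS> were 0x00, so pad to length.
    raw = raw.ljust(5 + rec_len, b"\x00")
    hs_type = raw[5]
    hs_len = int.from_bytes(raw[6:9], "big")
    hello_ver = struct.unpack_from("!H", raw, 9)[0]
    pos = 11 + 32                       # skip the 32-byte client random
    sid_len = raw[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack_from("!H", raw, pos)[0]
    pos += 2
    suites = [raw[i:i + 2].hex() for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = raw[pos]
    compression = list(raw[pos + 1:pos + 1 + comp_len])
    return {"record_type": ctype, "record_version": hex(rec_ver),
            "record_length": rec_len, "handshake_type": hs_type,
            "handshake_length": hs_len, "hello_version": hex(hello_ver),
            "session_id_length": sid_len, "cipher_suites": suites,
            "compression": compression}

if __name__ == "__main__":
    for key, value in parse_client_hello(dump_to_bytes(DUMP)).items():
        print(f"{key}: {value}")
```

The bytes decode as a well-formed TLS 1.0 ClientHello (record type 22, version 0x0301) offering 22 cipher suites and null compression. In the log, the connection is lost only after the server has written its certificate and server done messages.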