Results 1 to 4 of 4

Thread: SMTP problem

  1. #1
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    5

    Default [SOLVED] SMTP problem

    Just upgraded from 7.2.6 to 8.0.7.GA.6021.UBUNTU10.64 UBUNTU10_64 NETWORK edition. Both curl and openssl patches applied

    Code:
    # ./zmcurl807-updater.sh
    Error: Already patched
    Code:
    # /opt/zimbra/curl/bin/curl --version
    curl 7.36.0 (x86_64-unknown-linux-gnu) libcurl/7.36.0 OpenSSL/1.0.1h zlib/1.2.3.3
    Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
    Features: GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
    All seems to be fine APART from SMTP (Thunderbird). TB will receive mail via IMAP but fails to send.

    zimbra.log :

    Code:
    saslauthd : authentication against url 'https://domain.com:7071/service/admin/soap/' caused error 'curl_easy_perform: error(35): Unknown SSL protocol error in connection to domain.com:7071 '
    If I /opt/zimbra/curl/bin/curl -vvv --cacert /opt/zimbra/conf/ca/ca.pem https://doamin.com:7071 I get :

    Code:
    ......
    * SSLv3, TLS handshake, Client hello (1):
    * Unknown SSL protocol error in connection to domain.com:7071
    * Closing connection 0
    But if I use the Ubuntu curl :

    Code:
    /usr/bin/curl --version
    curl 7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
    Protocols: tftp ftp telnet dict ldap ldaps http file https ftps
    Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
    I get no errors.

    I've been searching all day. Any ideas ?
    Last edited by dik23; 07-22-2014 at 07:11 AM.

  2. #2
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    5

    Default

    Thinking that this might be connected to ssl ciphers I have reset mine to standard :

    Code:
    zmprov modifyConfig zimbraReverseProxySSLCiphers 'RC4:HIGH:!aNULL:!MD5:!kEDH:!AD:!SSLv2'
    
    zmprov mcf zimbraSSLExcludeCipherSuites ""
    
    zmprov mcf +zimbraSSLExcludeCipherSuites SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA \
    +zimbraSSLExcludeCipherSuites SSL_DHE_DSS_WITH_DES_CBC_SHA \
    +zimbraSSLExcludeCipherSuites SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA \
    +zimbraSSLExcludeCipherSuites SSL_DHE_RSA_WITH_DES_CBC_SHA \
    +zimbraSSLExcludeCipherSuites SSL_RSA_EXPORT_WITH_DES40_CBC_SHA \
    +zimbraSSLExcludeCipherSuites SSL_RSA_EXPORT_WITH_RC4_40_MD5 \
    +zimbraSSLExcludeCipherSuites SSL_RSA_WITH_DES_CBC_SHA
    
    zmmtactl stop && zmmtactl start
    Code:
    zmprov gacf | grep Cipher
    
    zimbraReverseProxySSLCiphers: RC4:HIGH:!aNULL:!MD5:!kEDH:!AD:!SSLv2
    zimbraSSLExcludeCipherSuites: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    zimbraSSLExcludeCipherSuites: SSL_DHE_DSS_WITH_DES_CBC_SHA
    zimbraSSLExcludeCipherSuites: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    zimbraSSLExcludeCipherSuites: SSL_DHE_RSA_WITH_DES_CBC_SHA
    zimbraSSLExcludeCipherSuites: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    zimbraSSLExcludeCipherSuites: SSL_RSA_EXPORT_WITH_RC4_40_MD5
    zimbraSSLExcludeCipherSuites: SSL_RSA_WITH_DES_CBC_SHA
    Still getting the same errors.

    Any ideas out there ?

  3. #3
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    5

    Default

    Feeling a bit dumb now

    Code:
    zmmtactl stop && zmmtactl start
    should be

    Code:
    zmmailboxdctl restart
    All works fine now. Hope this helps someone

    For reference, at the time of writting, disabling the ciphers as described in Disabling all known ones at once caused this problem. Resetting the ciphers to standard settings, as above, fixed it.

    UPDATE :

    It seems it's excluding TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA that causes the error

    UPDATE2:

    The wiki has been updated with "Disabling some of these may break some services"
    Last edited by dik23; 07-23-2014 at 10:11 AM.

  4. #4
    Join Date
    Jun 2011
    Location
    Caracas Venezuela
    Posts
    476
    Rep Power
    4

    Default

    Quote Originally Posted by dik23 View Post
    Feeling a bit dumb now

    Code:
    zmmtactl stop && zmmtactl start
    should be

    Code:
    zmmailboxdctl restart
    All works fine now. Hope this helps someone

    For reference, at the time of writting, disabling the ciphers as described in Disabling all known ones at once caused this problem. Resetting the ciphers to standard settings, as above, fixed it.

    UPDATE :

    It seems it's excluding TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA that causes the error

    UPDATE2:

    The wiki has been updated with "Disabling some of these may break some services"
    Thanks for this. You saved me troubles a lot.

    ccelis

Similar Threads

  1. Replies: 2
    Last Post: 05-20-2013, 03:03 AM
  2. Replies: 0
    Last Post: 04-18-2013, 08:49 AM
  3. SMTP problem
    By yk11 in forum Administrators
    Replies: 3
    Last Post: 01-23-2008, 05:49 PM
  4. SMTP/TLS problem
    By chanck in forum Administrators
    Replies: 1
    Last Post: 05-31-2007, 02:13 AM
  5. SMTP SSL Problem
    By nexus in forum Installation
    Replies: 8
    Last Post: 03-15-2007, 08:26 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •