
Thread: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure

  1. #51

    Had the same issue with upgrade from 5.0.0GA to 5.0.1 today. Solved it by setting start_tls = no in the ldap-*.conf files.

  2. #52

    Same issue

    Just adding my £2 to the pile: I have experienced the same issue with both 5.0 and 5.0.1. At present the only fix that works is to turn tls off via the config files. Really hope there is a resolution for this soon, as we are hoping to upgrade all of our servers, and a number of our clients are security crazy!

    Regards,
    Gary

  3. #53

    Quote (originally posted by JHill):
        Had the same issue with upgrade from 5.0.0GA to 5.0.1 today. Solved it by setting start_tls = no in the ldap-*.conf files.

    I'll add my "me too" post to this thread as well. After upgrading from 4.5.10 NE to 5.0.1 NE I hit the same problem. I tried installing my commercial cert both from the Admin console as well as via zmcertmgr but postfix still barks. Changing the start_tls value to no in the ldap config files fixed it for now but I'd like to see it fixed via a patch or upgrade.

  4. #54

    I sure hope Zimbra comes out with 5.02 soon to address this issue as well, as I hate having a hack in a production server.

    BRW

  5. #55

    Quote (originally posted by brwatters):
        I sure hope Zimbra comes out with 5.02 soon to address this issue

    The issue will indeed be addressed in 5.0.2, and was due to a bug in postfix which we've patched around.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #56

    This looks like the fixed Bug 23922 - 4.x.x to 5.0.x upgrades with existing commercial certs may fail. (allow startTLS to succeed even if CA cert chain is missing)
    -There was also a postfix bug as well.

  7. #57

    In 5.0.2, we're still unable to receive mail with start_tls = yes in ldap-*.cf files. Here's the config:
    server_host = ldap://mail.domain.com:389
    server_port = 389
    search_base =
    query_filter = (&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s)(zimbraMailCatchAllAddress=%s))(zimbraMailStatus=enabled))
    result_attribute = zimbraMailCanonicalAddress,zimbraMailCatchAllCanonicalAddress
    version = 3
    start_tls = no
    tls_ca_cert_dir = /opt/zimbra/conf/ca
    bind = yes
    bind_dn = uid=zmpostfix,cn=appaccts,cn=zimbra
    bind_pw = pass
    timeout = 30

  8. #58

    Quote (originally posted by JHill):
        In 5.0.2, we're still unable to receive mail with start_tls = yes in ldap-*.cf files. Here's the config:

    Showing the config isn't very useful, unfortunately. What would be useful is to know if you can get
    Code:
    ldapsearch -x -ZZ -h mail.domain.com
    as the Zimbra user to work. If not, what errors it shows.

    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  9. #59

    Quote (originally posted by quanah):
        Showing the config isn't very useful, unfortunately. What would be useful is to know if you can get
        Code:
        ldapsearch -x -ZZ -h mail.domain.com
        as the Zimbra user to work. If not, what errors it shows.

    That worked fine, same ldapsearch results with start_tls set to yes and no.

    Here are the errors from zimbra.log:
    Feb 10 23:59:39 zimbra postfix/trivial-rewrite[24096]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
    Feb 10 23:59:39 zimbra last message repeated 2 times
    Feb 10 23:59:39 zimbra postfix/trivial-rewrite[24096]: fatal: ldap://opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem

  10. #60

    Which config file turns off start_tls?

    What is the absolute path of the above config file?

    On 02-10-2008, 08:32 AM jhill provided a sample config to set start_tls = no. I can't find any such file to set this value for. I'm having the same problem and I'd like to use the same fix.

    find doesn't seem to return what I need so do I create this file? If so where?

    find /opt/zimbra -exec grep -q "start_tls" '{}' \; -print
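
Added example (not part of any post in this thread and not Zimbra's or Postfix's own code): a shell audit that lists every Postfix ldap-*.cf table in a directory with its start_tls value and flags tables where bind = yes runs without STARTTLS, because bind_pw then crosses the network unencrypted. The function names, verdict strings and sample files are constructed for illustration, and it assumes server_host uses ldap:// as in the config posted above.

```shell
#!/bin/sh
# Added example: report the STARTTLS state of every Postfix LDAP table file in a directory.

# cf_get FILE KEY: print the last value assigned to KEY, ignoring comment lines.
cf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            v = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_ldap_tls DIR: one line per ldap-*.cf file; returns 1 if any file needs attention.
audit_ldap_tls() {
    rc=0
    for f in "$1"/ldap-*.cf; do
        [ -f "$f" ] || continue
        tls=$(cf_get "$f" start_tls); tls=${tls:-no}     # Postfix default: no
        bind=$(cf_get "$f" bind);     bind=${bind:-yes}  # Postfix default: yes
        cadir=$(cf_get "$f" tls_ca_cert_dir)
        if [ "$tls" = yes ]; then
            verdict=OK
            # STARTTLS is on: the CA directory the table names has to exist.
            if [ -n "$cadir" ] && [ ! -d "$cadir" ]; then verdict=CA-DIR-MISSING; rc=1; fi
        elif [ "$bind" = yes ]; then
            verdict=CLEARTEXT-BIND; rc=1   # bind_pw is sent over plain ldap://
        else
            verdict=NO-TLS
        fi
        printf '%s start_tls=%s %s\n' "${f##*/}" "$tls" "$verdict"
    done
    return "$rc"
}

# Constructed sample files (not taken from a real server) so the script runs offline.
demo=$(mktemp -d)
printf 'start_tls = no\nbind = yes\nbind_pw = pass\n' > "$demo/ldap-vad.cf"
printf 'start_tls = yes\ntls_ca_cert_dir = %s\nbind = yes\n' "$demo" > "$demo/ldap-example.cf"
audit_ldap_tls "$demo" || echo "at least one table needs attention"
rm -rf "$demo"
```

On a server laid out like the one in the log lines above, the directory to pass would be /opt/zimbra/conf.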
