Thread: Unable to send mail after upgrading to 5.0.0 (LDAP TLS trouble)

    I decided to upgrade from 4.5.9 to 5.0.0 on OpenSuSE 10.0 yesterday. I ended up staying up all night, getting to bed at 10am. This post is an attempt to save someone else from the same fate.

    The install seemed to go well, except that it got a bit hung up on starting LDAP. I managed to get it to finish and everything looked great. Then I tried to send an email. Trying to send it from Outlook failed with a very long delay. Trying to send through the web interface caused my browser to hang, requiring a kill on both Firefox and IE7. Finally I tried a manual SMTP session using telnet. It went like this:

    1. telnet localhost 25 (received 220)
    2. helo test.com (received 250)
    3. mail from: me@me.com

    At this point, I got no response. This didn't look good.

    After long hours of struggle and searching, I finally found an article about postfix hanging after "mail from" when using a mysql backend. It warned that using mysql or ldap at this point was probably a bad idea since they could potentially fail, causing exactly the problem I saw.

    Ultimately I determined that the problem was solved by changing the ldap scripts to not start TLS. Initially I did this directly in the conf/ldap-*.cf files but it turns out that you need to change libexec/zmmtainit instead. Open the file and look for:

    Code:
    if [ "$num" == 5 ]; then
       STARTTLS="no"
    else
       STARTTLS="yes"
    fi

    All I had to do was swap the yes and the no like this:

    Code:
    if [ "$num" == 5 ]; then
       STARTTLS="yes"
    else
       STARTTLS="no"
    fi

    Actually, I sort of wonder if this is not correct anyway. Looking at the script, it is checking to see how much of the URL matches "ldaps". If 5 characters match, it means that the URL starts with ldaps:// rather than ldap://. Shouldn't we only be starting TLS in the "ldaps" case anyway?

    Oh, and in case you read the post about expired LDAP certs causing delivery problems, that was not my problem. I replaced the certs and verified that they were good but still no dice. My LDAP is not externally visible anyway so I don't need TLS.

    Anyway, if 4.5 worked fine (it didn't do the TLS stuff on LDAP) and after the upgrade you can't send mail, try this change and see if it saves you.

    Cheers,
    Scott Maxwell
    Code Cobblers, Inc

    Last edited by scottmax; 01-04-2008 at 01:47 AM. Reason: additional information
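
The scheme-to-TLS relationship behind the STARTTLS switch discussed in the post, as an added example that is not part of the original post or of Zimbra's zmmtainit: `ldaps://` is TLS from the first byte, while StartTLS is the upgrade applied to a plain `ldap://` connection, so `start_tls = no` on an `ldap://` URL means the lookups travel unencrypted. The function names and hostnames are hypothetical; `server_host`, `version` and `start_tls` are Postfix LDAP table parameters.

```shell
#!/bin/sh
# Added example: derive the LDAP transport security implied by a URL scheme.
# All hostnames are constructed sample values.

# Print the TLS mode for an LDAP URL; return 1 for anything else.
ldap_tls_mode() {
    case "$1" in *://*) ;; *) return 1 ;; esac
    # URL schemes are case-insensitive, so normalise before matching.
    scheme=$(printf '%s' "${1%%://*}" | tr 'A-Z' 'a-z')
    case "$scheme" in
        ldaps) echo "implicit-tls" ;;  # TLS handshake first, usually port 636
        ldap)  echo "starttls" ;;      # plaintext connect, upgraded by StartTLS
        ldapi) echo "local-socket" ;;  # Unix domain socket, no network hop
        *)     return 1 ;;
    esac
}

# Print the start_tls value a Postfix LDAP table needs for this URL.
postfix_start_tls() {
    mode=$(ldap_tls_mode "$1") || return 1
    if [ "$mode" = "starttls" ]; then echo "yes"; else echo "no"; fi
}

# Emit the TLS-related lines of a Postfix LDAP table for one URL.
emit_ldap_cf() {
    st=$(postfix_start_tls "$1") || { echo "unsupported URL: $1" >&2; return 1; }
    printf 'server_host = %s\n' "$1"
    printf 'version = 3\n'           # StartTLS requires LDAPv3
    printf 'start_tls = %s\n' "$st"
}

# Demo over constructed URLs.
for url in ldap://ldap.example.test:389 ldaps://ldap.example.test:636; do
    printf '%-34s -> %s (start_tls=%s)\n' "$url" \
        "$(ldap_tls_mode "$url")" "$(postfix_start_tls "$url")"
done
```

If lookups over `ldap://` hang once StartTLS is enabled, the usual suspects are the server certificate, the CA file the client trusts, or a hostname that does not match the certificate.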
