Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: [SOLVED] ZCS 7.1.1 broken SMTP Auth

  1. #1
    Join Date
    Dec 2009
    Posts
    16
    Rep Power
    5

    Default [SOLVED] ZCS 7.1.1 broken SMTP Auth

    In installed the 7.1.1 update and all was good, until I tried to send a email. Outbound SMTP Auth was broken. I went thrugh and checked the configuration and the only thing I noticed is:

    zmlocalconfig -x postfix_smtp_sasl_security_options
    returned noanonymous
    but
    postconf -x smtp_sasl_security_options
    returned noplaintext, noanonymous
    This was after I tried to re-apply the zmlocalconfg and a restart of Zimbra

    I never did get It working, I had to restore the backup I made before the upgrade, after the restore, the above match with noanonymous.

    The /var/log/zimbra.log contained this error:

    Code:
    Jun  2 19:59:54 mail postfix/smtp[836]: certificate verification failed for outbound.mailhop.org[204.13.248.72]:10025: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    Jun  2 19:59:54 mail postfix/smtp[836]: 39105318055: to=, relay=outbound.mailhop.org[204.13.248.72]:10025, delay=1.1, delays=0.01/0.02/0.97/0.07, dsn=5.0.0, status=bounced (host outbound.mailhop.org[204.13.248.72] said: 550 You must authenticate to use MailHop Outbound (in reply to MAIL FROM command))
    The above first entry looks like postfix rejected the CA certificate for Equifax and then bouced the message.

    After the restore, all still works, so I'm thinking there was a change in 7.1.1 that broke this.

    I'd like to re-apply the update, but how do I fix this? or is it a bug.

  2. #2
    Join Date
    Dec 2007
    Posts
    36
    Rep Power
    7

    Default

    I might have the same issue. I noticed zmconfigd appears not to be running in the Admin-console. But the zmconfigd.log doesn not show anything strange.

    It looks like zmconfigd does not rewrite /opt/zimbra/postfix/conf/main.cf correctly.

    Anyone can confirm this?

  3. #3
    Join Date
    Dec 2009
    Posts
    16
    Rep Power
    5

    Default

    Quote Originally Posted by BarBaar View Post
    I might have the same issue. I noticed zmconfigd appears not to be running in the Admin-console. But the zmconfigd.log doesn not show anything strange.

    It looks like zmconfigd does not rewrite /opt/zimbra/postfix/conf/main.cf correctly.

    Anyone can confirm this?
    I checked the zmconfigd.log, and no errors in the 7.1.1 installation.
    I also checked /opt/zimbra/postfix\main.cf in both v7.1.0 and v7.1.1 instalations and smtp_sasl_security_options entry is in v7.1.0, but does not appear in the v7.1.1 instalation, even though I executed the below commands, more than once.

    Code:
    zmlocalconfig -e postfix_smtp_sasl_security_options=noanonymous
    zmcontrols restart

  4. #4
    Join Date
    Dec 2007
    Posts
    36
    Rep Power
    7

    Default

    Created Bug 60605

  5. #5
    Join Date
    Dec 2009
    Posts
    16
    Rep Power
    5

    Default Work around

    For Release 7.1.1_GA_3196.RHEL5_64_20110527011124 RHEL6_64 FOSS edition. I've loosely tested a work around that survives a zimbra restart and a reboot.

    Manually setting configuration values with "postconf -e” as the zimbra user sets the values in /opt/postfix/conf/main.cf and zmconfigd does not appear to reset, change, or remove them.

    The values I was forced to set to re-enable outbound SMTP authentication and not be rejected by the outbound relay are:

    Code:
    smtp_sasl_auth_enable
    smtp_cname_overrides_servername
    smtp_use_tls
    smtp_sasl_security_options
    smtp_sasl_mechanism_filter
    smtp_tls_security
    smtp_sasl_password_maps
    I have verified that none of theses confirguation valuse when set with "zmlocalconfig -e postfix_" are written to /opt/postfix/conf/main.cf

  6. #6
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    if you make changes via zmlocalconfig -e , and those changes end up in /opt/zimbra/postfix/conf/main.cf, it is zmconfigd that is making that update, as that's the only process that pushes changes from zmlocalconfig to postfix.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  7. #7
    Join Date
    Dec 2009
    Posts
    16
    Rep Power
    5

    Default

    Quote Originally Posted by quanah View Post
    if you make changes via zmlocalconfig -e , and those changes end up in /opt/zimbra/postfix/conf/main.cf, it is zmconfigd that is making that update, as that's the only process that pushes changes from zmlocalconfig to postfix.
    I believe that is the point of the issue, the changes made with "zmlocalconfig -e" are not being written to /opt/zimbra/postfix/conf/main.cf by zmconfigd

    If a change, to the postfix config, is made with zmlocalconfig is made, zmconfigd does log that it did rewrite main.cf. If you check the parameter you just changed, zmlocalconfig does reflect the change, but the change does not actually make it to main.cf.

  8. #8
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    Quote Originally Posted by flsimbeck View Post
    The values I was forced to set to re-enable outbound SMTP authentication and not be rejected by the outbound relay are:

    Code:
    smtp_sasl_auth_enable
    smtp_cname_overrides_servername
    smtp_use_tls
    smtp_sasl_security_options
    smtp_sasl_mechanism_filter
    smtp_tls_security
    smtp_sasl_password_maps
    I have verified that none of theses confirguation valuse when set with "zmlocalconfig -e postfix_" are written to /opt/postfix/conf/main.cf
    None of these values have *ever* been tracked or handled by zmconfigd or zmmtaconfig. They are not valid keys to set in zmlocalconfig either.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  9. #9
    Join Date
    Dec 2009
    Posts
    16
    Rep Power
    5

    Default

    I found this information when I orginally switched to an outbound relay and had to setup SMTP Auth (required by my relay service) on October 02, 2009 (I checked my relay billing). This is at least since zcs 6. Below is the referance link I used to initialy set up outbound SMTP Authentication. The zmlocalconfig options appear toward the end of the article.

    Code:
    http://wiki.zimbra.com/wiki/Outgoing_SMTP_Authentication
    The key names in my previous post are accepted by zmlocalconfig and stored in /etc/zimbra/conf/localconfig.xml and have been transferred to /ect/zimbra/postfix/conf/main.cf for every version prior to zcs 7.1.1 since I setup SMTP Auth. Without these settings in main.cf, Postfix will not use authentication for outbound mail relaying.

    Here is the relevant portion of my current /etc/zimbra/conf/localconfig.xml
    (I had to remove all the carrets to get to display in the post)

    Code:
    ?xml version="1.0" encoding="UTF-8"?
    
    localconfig
      key name="postfix_smtp_sasl_password_maps"
        valuehash:/opt/zimbra/conf/relay_password/value
      /key
      key name="postfix_always_add_missing_headers"
        valueyes/value
      /key
      key name="postfix_smtp_tls_security"
        valuemay/value
      /key
      key name="postfix_smtp_sasl_mechanism_filter"
        valueplain,login/value
      /key
      key name="postfix_smtp_sasl_auth_enable"
        valueyes/value
      /key
      key name="postfix_smtp_use_tls"
        valueyes/value
      /key
      key name="postfix_smtp_cname_overrides_servername"
        valueno/value
      /key
      key name="postfix_smtp_sasl_security_options"
        valuenoanonymous/value
      /key
    /localconfig
    With version 7.1.1, they are stored in localconfig.xml, but not transferred to main.cf.

    Your, maybe mistaken?, impression that they have never been handled by zmlocalconfig could be the very reason it has stopped working with v7.1.1, and has worked on previouse versions back in to v6.

    I backed up my current zcs 7.1.1 installation (a hard drive image) and restored the previous zcs 7.1.0 installation and CONFIRMED that the zmlocalconfig options are accepted and stored in localconfig.xml AND written to main.cf.

    You can then maybe understand why your statement:

    Quote Originally Posted by quanah View Post
    None of these values have *ever* been tracked or handled by zmconfigd or zmmtaconfig. They are not valid keys to set in zmlocalconfig either.
    Is making no sense to me, when I just PROVED it is not the case.

    I've been a ZCS user since version 5.0.19 (because I hate Exchange, yes hate), and have applied every update and upgrade as they've come out without issue intill v7.1.1

    If I'm mistaken, I'll apologize in advance, but I don't see how I can be when, with v7.1.0, I can show just the opposite behavior to your above statement.

  10. #10
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    You can create, and set, whatever keys in the world you want, in localconfig.xml via zmlocalconfig. It doesn't mean they are supported or necessarily processed. I'm looking at the actual code for zmlocalconfig (LC.java), and these keys do not exist in them.

    You can also look at the zmmta.cf file to find out where things get pulled from. Anything starting with VAR gets pulled from LDAP. Anything starting with LOCAL comes from zmlocalconfig.

    These values get pulled from LDAP. So I stand by what I said. These do not, and never have, come from zmlocalconfig. So, there may be issues with zmconfigd getting values from LDAP, but the problem has nothing to do with zmlocalconfig.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

Similar Threads

  1. Replies: 26
    Last Post: 04-19-2011, 10:24 AM
  2. Trouble Sending mail - All Messages deferred!
    By SiteDiscovery in forum Administrators
    Replies: 7
    Last Post: 09-03-2009, 05:52 AM
  3. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 08:46 PM
  4. ZCS 3.2 Beta Available
    By KevinH in forum Announcements
    Replies: 31
    Last Post: 07-07-2006, 04:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •