Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: Upgrade 4.0.3 to 4.0.5 SMTP not working

  1. #11
    Join Date
    Jan 2007
    Posts
    17
    Rep Power
    8

    Default Thanks!!

    no, all the clients are remote from that network, that's why we're using ssl to authenticate. all clients are coming in from over the internet from various networks.

  2. #12
    Join Date
    Aug 2005
    Posts
    1,433
    Rep Power
    12

    Default Alternate lesson:

    Quote Originally Posted by asdferrtty View Post
    It goes to show - NEVER run the open-source edition in production, we've learned our lesson...
    I'd suggest a slightly different take-home: Always back up before upgrading, and consider doing upgrades on weekends just in case you get unlucky and need time to roll it back.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  3. #13
    Join Date
    Jan 2007
    Posts
    17
    Rep Power
    8

    Default Tls?

    and we are not using tls, we were planning on using ssmtp (port 465) which seemed to be working before the upgrade.

  4. #14
    Join Date
    Jan 2007
    Posts
    17
    Rep Power
    8

    Default

    Quote Originally Posted by dkarp View Post
    I'd suggest a slightly different take-home: Always back up before upgrading, and consider doing upgrades on weekends just in case you get unlucky and need time to roll it back.
    dkarp - we were flat out told by the sales team to NEVER RUN the open source in production. You might want to talk to the sales folks over there...

  5. #15
    Join Date
    Jan 2007
    Posts
    17
    Rep Power
    8

    Default

    Quote Originally Posted by bobby View Post
    saslauthd is a part of the mta service


    are the smtp mail clients on the same lan as the server? are they on "208.70.199.64/27"? what happens if you run this from a client machine:

    openssl s_client -connect mail.mydomain.com:25 -starttls smtp -showcerts
    from the mailserver itself:
    zimbra@mail:~/log$ openssl s_client -connect mail.mydomain.com:25 -starttls smtp -showcerts
    CONNECTED(00000003)
    depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=mail.mydomain.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=mail.mydomain.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=mail.mydomain.com
    verify error:num=21:unable to verify the first certificate
    verify return:1
    ---
    Certificate chain
    0 s:/C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=mail.mydomain.com
    i:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
    -----BEGIN CERTIFICATE-----
    MIIC9DCCAl2gAwIBAgIBAjANBgkqhkiG9w0BAQQFADBOMQswCQ YDVQQGEwJVUzEM
    MAoGA1UECBMDTi9BMQwwCgYDVQQHEwNOL0ExIzAhBgNVBAoTGl ppbWJyYSBDb2xs
    YWJvcmF0aW9uIFN1aXRlMB4XDTA2MTAzMDE3MTI1OVoXDTA3MT AzMDE3MTI1OVow
    XTELMAkGA1UEBhMCVVMxDDAKBgNVBAgTA04vQTEjMCEGA1UECh MaWmltYnJhIENv
    bGxhYm9yYXRpb24gU3VpdGUxGzAZBgNVBAMTEm1haWwuc3RyYX RpY29tLmNvbTCB
    nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwHHVGHxZ2heZiT 6EKPKC8DD9Xso3
    n1Dw+vUih4HJD5mJYJiB2a8EpgCk7cnyGRZrZYwJszRAKgKvLb 2KLQ4XKLyWe01V
    0C5VV3OYqazyVAnd3Sb+FYccnOsvewqTTHv6cAGiebPyojiPeW cg9FiGyKDd7acT
    99JiNhUPT2Hy8VECAwEAAaOB0jCBzzAJBgNVHRMEAjAAMCwGCW CGSAGG+EIBDQQf
    Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ 4EFgQUOxhtP5KM
    aY8SxyAQGGhqgPm73qgwaAYDVR0jBGEwX6FSpFAwTjELMAkGA1 UEBhMCVVMxDDAK
    BgNVBAgTA04vQTEMMAoGA1UEBxMDTi9BMSMwIQYDVQQKExpaaW 1icmEgQ29sbGFi
    b3JhdGlvbiBTdWl0ZYIJAJ8nBtChZstSMAsGA1UdDwQEAwIF4D ANBgkqhkiG9w0B
    AQQFAAOBgQC4KScTQdvgAFP/CyX8LGWH8clc16+OKXO1bFpKMfPMHeTl8rigLF6s
    BMUvFYWkM27W8JRUBNhJlmG6pKrjE9iu18X2jR9KlTZUJZLrT3 A06xCaJM/w5A/8
    khvUdjLU3IAvjgdhkgyKpYusCNR15UC2VZSoxu6a6RA0Kdxh4/Vjwg==
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=/C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=mail.mydomain.com
    issuer=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1386 bytes and written 350 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: DC0C0E7FF35D142ED2C207C00E4FA4ACEA982362141786F648 A014E955609386
    Session-ID-ctx:
    Master-Key: ADF10CC2EC6F407A15CB95B3C1030BAA67A62813F67AE7CA4D 431C39E5E4EE74816C3824236A68693E7E5F25D1C58322
    Key-Arg : None
    Start Time: 1168544780
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    ---
    220 mail.mydomain.com ESMTP Postfix (domain name changed to protect the innocent)

  6. #16
    Join Date
    Nov 2005
    Posts
    518
    Rep Power
    11

    Default

    did you make a backup of the changes to /opt/zimbra/postfix/conf/master.cf? The upgrade probably doesn't respect the changes. If not, review the wiki article about adding smtp ports

    >If you want postfix to listen on different port for TLS (ie. SMTPS, as defined in /etc/services -- port #465), you'll need the comment out the line beginning with "smtps ...." in /opt/zimbra/postfix/conf/master.cf.
    >

  7. #17
    Join Date
    Jan 2007
    Posts
    17
    Rep Power
    8

    Thumbs up you are a freakin' genius

    Quote Originally Posted by bobby View Post
    did you make a backup of the changes to /opt/zimbra/postfix/conf/master.cf? The upgrade probably doesn't respect the changes. If not, review the wiki article about adding smtp ports
    lessons learned:
    BACKUP!!!
    do upgrades on weekends, not week nights just in case
    stay in Bobby's good graces

    As far as upgrading goes, might want to preserve the master.cf file. Oddly enough, with 4.0.3, we never had to uncomment out the line to use port 465 as we had to here to get it working. But thanks for your help, hopefully I won't get fired.

  8. #18
    Join Date
    Aug 2005
    Posts
    1,433
    Rep Power
    12

    Default *sigh*

    Quote Originally Posted by asdferrtty View Post
    dkarp - we were flat out told by the sales team to NEVER RUN the open source in production. You might want to talk to the sales folks over there...
    sigh...

    No, you can run the OSS version in production. Many people do.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  9. #19
    Join Date
    Sep 2005
    Posts
    274
    Rep Power
    10

    Default

    [Update: I didn't read the part where bobby solved this for you, and wrote the following:]

    This bug prevents saslauthd from logging anything in 4.0.x installs.

    http://bugzilla.zimbra.com/show_bug.cgi?id=7893#c1

    If you update your syslog.conf as a temporary workaround until 4.5, you may get more useful logging info from saslauthd.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  10. #20
    Join Date
    Jan 2007
    Posts
    19
    Rep Power
    8

    Default

    This issue seems remarkably similar to mine: http://www.zimbra.com/forums/showthread.php?t=6171

    Testing the above OpenSSL line gets me a valid cert dump and an SMTP banner (Postfix greeting).

Similar Threads

  1. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 08:46 PM
  2. Upgrade from 3.1.3 to 4.0.3
    By rrojas in forum Installation
    Replies: 4
    Last Post: 05-22-2007, 09:45 AM
  3. 4.0.3 -> 4.5.1 upgrade
    By Storm16 in forum Installation
    Replies: 1
    Last Post: 02-11-2007, 09:44 PM
  4. Replies: 9
    Last Post: 01-26-2007, 06:31 AM
  5. Upgrade to 4.0.3 on Suse 9.3
    By winne27 in forum Migration
    Replies: 3
    Last Post: 10-27-2006, 11:30 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •