
Thread: osx - upgrade from 4.0.3 to 4.5 GA - ssl, cert error, can't send mail

  1. #1
    Join Date
    Sep 2006
    Posts
    18
    Rep Power
    9

    Default osx - upgrade from 4.0.3 to 4.5 GA - ssl, cert error, can't send mail

    below is a snippet from my /var/log/zimbra.log

    Code:
    myhost postfix/smtpd[29445]: connect from myhost/myipaddress
    Jan 23 21:54:24 myhost postfix/smtpd[29445]: setting up TLS connection from myhost/myipaddress
    Jan 23 21:54:25 myhost postfix/smtpd[29445]: TLS connection established from myhost/myipaddress: TLSv1 with cipher AES128-SHA (128/128 bits)
    Jan 23 21:54:27 myhost saslauthd[23191]: auth_zimbra: me@mydomain auth failed: curl_easy_perform: error(60): SSL certificate problem, verify that the CA cert is OK. Details:\nerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Jan 23 21:54:27 myhost saslauthd[23191]: do_auth         : auth failure: [user=me@mydomain] [service=smtp] [realm=mydomain] [mech=zimbra] [reason=Unknown]
    Jan 23 21:54:27 myhost postfix/smtpd[29445]: warning: SASL authentication failure: Password verification failed

    i obviously sanitized my host, domain, and client info

    my environment:

    4.5.0_GA_612_MACOSX
    upgraded from 4.0.3 GA
    running on osx server 10.4.8 w zimbra ldap

    after the update (which appeared to go smoothly) i cannot send mail via imap smtp using secure mail port 25.

    i've read several threads related to sasl-tls errors and have checked my auth methods and auth urls. the default after upgrade was mixed auth, i changed to https but no joy. i manually recreated and installed new certs via wiki, no joy.

    i then re-ran zmsetup.pl with no change. the log snippet is post upgrade (second time). i basically wanted to undo any damage i might have done in troubleshooting and chasing the sasl-tls threads.

    if anyone can offer a suggestion, that'd be great. i'm going to check this thread wed. a.m. and hopefully be able to remedy with your help.

    tia, george

  2. #2
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Did you take a look here:
    http://wiki.zimbra.com/index.php?tit...icate_Problems

    DON'T FORGET TO BACKUP!

  3. #3
    Join Date
    Sep 2006
    Posts
    18
    Rep Power
    9

    Default

    yes, i tried this procedure (not the optional parts) but don't know enough about it to really test the results. i do have the updated certs in ldap and they match the files in /opt/zimbra locations.

    thanks for the pointer. i'm hoping someone else will ring in.

    geo

  4. #4
    Join Date
    Sep 2006
    Posts
    18
    Rep Power
    9

    Default

    i've re-read some threads on sasl errors when trying to send email from imap / pop3 clients securely. these are very similar, if not identical to what i'm seeing.

    to clarify, webmail is working correctly. client auth for imap and pop3 delivery is working correctly.

    client auth for sending via ssl is what's not working.

    -george

  5. #5
    Join Date
    Sep 2006
    Posts
    18
    Rep Power
    9

    Default

    any other suggestions? i'm going to backup / re-install tonight if i can't get any resolution within the next few hours.

    -george

  6. #6
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Yeah,
    You should be able to do a reinstall that might fix it.
    Run the install as an upgrade, and I believe it reinstalls the certs.

    jh

  7. #7
    Join Date
    Sep 2006
    Posts
    18
    Rep Power
    9

    Default

    wannabetenor,

    when i run zmsetup.pl, i don't have an option to alter configs. when i've run this from other platforms (linux for example) i've been able to select subsystems to alter config.

    on osx, settings are read from ldap and i don't see the expected config menu.

    is there a flag for zmsetup.pl? is there a zmsetup.log file somewhere to edit / delete?

    tia,

    george

  8. #8
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Just run the installer script again.

    Backup first tho

    ./install.sh

  9. #9
    Join Date
    Sep 2006
    Posts
    18
    Rep Power
    9

    Default

    okay, i re-ran the installer (osx mpkg instead of .sh script) the install takes about an hour on my hardware.

    i still have cert and TLS errors. here's a snippet from my zimbra.log

    Code:
    postfix/smtpd[19274]: warning: TLS library problem: 19274:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:411:
    Jan 24 22:myhost postfix/smtpd[19167]: lost connection after STARTTLS from

    i monitored the install and new certs were installed during install/upgrade.

    i scanned zmsetup.log and don't see any errors during setup of certs.

    i'm really bummed over this. what else should i try?

    george
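
The two log errors in this thread map to two independent checks: "key values mismatch" means the private key smtpd loads does not belong to its certificate, and curl's error 60 means the certificate presented to saslauthd does not verify against the CA it trusts. The script below is an added example, not part of the original posts and not Zimbra's own tooling; it runs both checks with the `openssl` CLI against constructed throwaway keys and certificates (all file names and subjects are assumptions).

```shell
#!/usr/bin/env bash
# Added example, not Zimbra tooling. All key material below is constructed.

# Exit 0 if the private key belongs to the certificate, 1 on mismatch,
# 2 if either file cannot be parsed. Compares the SubjectPublicKeyInfo PEM.
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Exit 0 only if the certificate chains to the given CA file.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Throwaway CA, a server cert it signs, and an unrelated key + self-signed CA.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
q() { "$@" >/dev/null 2>&1; }
q openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$work/ca.key" -out "$work/ca.crt"
q openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
    -keyout "$work/server.key" -out "$work/server.csr"
q openssl x509 -req -in "$work/server.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
    -CAcreateserial -days 1 -out "$work/server.crt"
q openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Other CA" \
    -keyout "$work/other.key" -out "$work/other-ca.crt"

report() {  # report <label> <command...>
    local label=$1; shift
    if "$@"; then echo "OK    $label"; else echo "FAIL  $label"; fi
}
report "server.key matches server.crt"         key_matches_cert "$work/server.crt" "$work/server.key"
report "other.key matches server.crt"          key_matches_cert "$work/server.crt" "$work/other.key"
report "server.crt verifies against ca.crt"    chain_ok "$work/ca.crt" "$work/server.crt"
report "server.crt verifies against other CA"  chain_ok "$work/other-ca.crt" "$work/server.crt"
```

On a real server, pass `key_matches_cert` the files named by Postfix's `smtpd_tls_cert_file` and `smtpd_tls_key_file` settings.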

  10. #10
    Join Date
    Sep 2006
    Posts
    18
    Rep Power
    9

    Default

    just closing the loop here. i never resolved the TLS - auth - cert issue after several tries.

    using a backup from prior to the upgrade, i re-installed 4.5 cleanly and am currently injecting old store msgs into my new instance. it's a little time consuming, but i'm learning a little about zmlmtpinject in the process. if i could have gotten my backup running i would have used imapsync instead.

    i don't know why my attempts to fix the config using mac-install.sh, zmsetup.pl etc didn't work. i know the osx installed base might be small, but i'm grateful for the product and would like to help make it better.

    one thing that would help me would be to better understand the dependencies that zmsetup.pl expects, relative to existing config files, interrupted / aborted runs, etc. i'd like to know how to initiate a re-config from the zmsetup expanded menu short of having to delete .install_history, .ssh, config.*, /tmp/zmsetup.log.*, etc... i was guessing most of the time.

    i think the behavior on linux and other os's might be different. when i was testing version 3.x on linux prior to adopting osx, it was much easier to get to the config menu to reset params.

    if i can help test something, let me know. and if some of this can be helped by rtfm, then point me to the right place :-)

    george
