Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: MTA TLS authentication

  1. #1
    Join Date
    Nov 2005
    Posts
    19
    Rep Power
    9

    Default MTA TLS authentication

    Hi,

    I've installed M2 version. The only problem I have now is a setting in MTA authentication. I've configured the MTA NOT to require TLS authentication but it still does.

    Any thoughts ?

  2. #2
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    Did you restart the MTA?

  3. #3
    Join Date
    Nov 2005
    Posts
    19
    Rep Power
    9

    Default

    Ofcourse, several times. The option is unchecked on the administration web interface.

  4. #4
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    What does /var/log/zimbra.log say?

  5. #5
    Join Date
    Nov 2005
    Posts
    19
    Rep Power
    9

    Default

    Upon startup:

    Nov 16 01:33:42 mvimap postfix/smtpd[19575]: initializing the server-side TLS engine
    Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
    Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/opt/zimbra/conf/smtpd.crt','r'):
    Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
    Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
    Nov 16 01:33:42 mvimap postfix/smtpd[19575]: cannot load RSA certificate and key data

    Upon mail send attempt:

    Nov 16 01:35:38 mvimap postfix/smtpd[19583]: connect from CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]
    Nov 16 01:35:38 mvimap postfix/smtpd[19583]: warning: CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]: SASL LOGIN authentication failed
    Nov 16 01:35:38 mvimap postfix/smtpd[19583]: disconnect from CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]

  6. #6
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    How are you restarting? zmcontrol restart?

  7. #7
    Join Date
    Nov 2005
    Posts
    19
    Rep Power
    9

    Default

    service zimbra stop
    service zimbra start

  8. #8
    Join Date
    Nov 2005
    Posts
    19
    Rep Power
    9

    Default Still does not work

    Hi,

    The problem still remains. I've tried to restart only mta component from within zimbra user shell, it did not help. MTA simply does not authenticate me if I am not using SSL. The same settings worked with the previous version.

    Here is the output I get when restarting the MTA :

    [zimbra@mvimap bin]$ ./zmmtactl stop
    /opt/zimbra/amavisd/sbin/amavisd: no process killed
    umount: it seems /opt/zimbra/amavisd/tmp is mounted multiple times
    postfix/postfix-script: stopping the Postfix mail system
    [zimbra@mvimap bin]$ ./zmmtactl start
    DO: /opt/zimbra/postfix/sbin/postconf -e content_filter='smtp-amavis:[127.0.0.1]:10024'
    DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_sasl_auth_enable='yes'
    DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_auth_only='no'
    DO: /opt/zimbra/postfix/sbin/postconf -e disable_dns_lookups='no'
    DO: /opt/zimbra/postfix/sbin/postconf -e message_size_limit='10240000'
    DO: /opt/zimbra/postfix/sbin/postconf -e relayhost=''
    DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_recipient_restrictions='reject_non_fqdn_reci pient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit'
    postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.2.3/conf/main.cf
    postfix/postfix-script: starting the Postfix mail system


    Please help.

  9. #9
    Join Date
    Oct 2005
    Location
    USA, Canada and India
    Posts
    777
    Rep Power
    10

    Default

    hi..just dumb Q..did you CHECK the plain TEXT login when you UNCHECKED SSL.
    and also did you UNCHECK SSL on ALL services and Checked PLAIN TEXT by invendualy going to all services and then Stop and Start services.

    Just trying to make sure you did that. if you did all that then big guys at zimbra are your saviours

    I had to UNCHECK SSL on all Services and Checek PLAIN TEXT on all services and i have no issue.

    Please update so we know.

    Raj S Vrach
    i2k2systems.com

  10. #10
    Join Date
    Nov 2005
    Posts
    19
    Rep Power
    9

    Default

    Hi,

    There is no "Clear text login" checkbox on the MTA tab. About the rest services, I want IMAP and POP login to be available via SSL, but not SMTP.

Similar Threads

  1. Daily mail report always reports "No messages found"
    By McPringle in forum Installation
    Replies: 42
    Last Post: 06-13-2011, 08:57 AM
  2. Howto setup TLS usage with upstream MTA
    By markymarknz in forum Installation
    Replies: 3
    Last Post: 10-21-2008, 11:49 AM
  3. External MTA and TLS Question
    By 3RiversTechAdmin in forum Administrators
    Replies: 5
    Last Post: 12-20-2006, 09:36 AM
  4. Supporting SPA and TLS for SMTP relaying
    By pbwebguy in forum Installation
    Replies: 1
    Last Post: 05-18-2006, 07:59 AM
  5. Server Stats Cont...
    By DMRDave in forum Administrators
    Replies: 15
    Last Post: 02-16-2006, 12:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •