Results 1 to 6 of 6

Thread: POP3 polling does not work (yet)

  1. #1
    Join Date
    May 2007
    Posts
    10
    Rep Power
    8

    Question POP3 polling does not work (yet)

    Hi all,

    I've just set up my zimbra installation and am able to send emails.

    I'm now trying to poll a POP3 account using the new feature build in v4.5.

    When I try to test my settings I get an instant 'Error: Connect failed'.

    I tried using IP and DNS, with and without SSL (port 110 / 995, AFAIK my pop3-hoster supports SSL just fine, although I don't know if the certificate is valid they use).

    Does anybody know which log-files I should check for more verbose error messages? Is there a list what kind of messages/components are logged where?

  2. #2
    Join Date
    Sep 2005
    Posts
    78
    Rep Power
    10

    Default

    The error would be in /opt/zimbra/log/mailbox.log. We don't currently support POP3 servers that don't have valid certificates. If you need this functionality, please file a bug.

  3. #3
    Join Date
    May 2007
    Posts
    10
    Rep Power
    8

    Default

    Thanks.

    It looks like I haven't got the correct CA Certificate.

    Is it correct that I have to install it into tomcat's keystore?
    (documentation)

    If yes, that would propably mean I would have to restart tomcat right?
    Last edited by philzli; 05-11-2007 at 11:29 AM. Reason: doc link was broken.

  4. #4
    Join Date
    Sep 2005
    Posts
    78
    Rep Power
    10

    Default

    I don't think you need to add the certificate on the client side. I was able to POP my GMail account without having to do this. The only requirement is that the POP3 server has to have a signed certificate.

  5. #5
    Join Date
    May 2007
    Posts
    10
    Rep Power
    8

    Cool

    Err, I truly hope this is not the case (or I'm misunderstanding you or the other way around):

    If I would not need the CA Certificate, then I could make a POP3 Server using a certificate which I could sign using a 'fake' verisign or trustcenter or what ever CA Cert. My connection would be encrypted etc., but then I should also allow self-signed and invalid (no longer valid for example) certificates as they feature the same amount of Man-in-the-middle protection ( = none).

    For fetchmail (no zimbra needed) you need to download the Equifax CA Certificate, so I guess you have to place the CA Cert in Zimbra _somewhere_.

    My question is... where? :-)

    Update/Added:
    The problem is described here. I get the "unable to find valid certification path to requested target" which for sounds like I need the CA Cert, but it does not have be that..
    Last edited by philzli; 05-11-2007 at 04:22 PM.

  6. #6
    Join Date
    May 2007
    Posts
    10
    Rep Power
    8

    Default

    To answer my own question:

    The CA Certificates / Trusted Public Keys are to be found at:
    /opt/zimbra/jdk1.5.0_08/jre/lib/security/cacerts


    To list the contents go to that directory and type:
    ../../../bin/keytool -list -keystore cacerts

    (when asked for the password just press enter)

    Mine contains 44 certificates, 4 by equifax, which explains why Gmail works just fine while my server does not.

    To add a certificate you currently have to use the keytool that comes with the JDK. There are also GUI tools out there to help, like keyman by IBM and portcle which is GPL'd and quit nice.

    I'll file a request for enhancement for this as it is a not-to-uncommon thing to do. Even big CAs like verisign change/add new certificates once in a while.

    Link to bug/enhancement: Bug #16753
    Last edited by philzli; 05-11-2007 at 04:44 PM. Reason: added link to bugzilla

Similar Threads

  1. Replies: 20
    Last Post: 12-21-2007, 01:48 AM
  2. Polling POP3
    By wim in forum Installation
    Replies: 1
    Last Post: 02-02-2007, 05:51 PM
  3. Replies: 8
    Last Post: 01-29-2007, 03:16 PM
  4. POP3 and SMTP time out issues
    By MarkStratmann in forum Administrators
    Replies: 0
    Last Post: 10-19-2006, 12:43 PM
  5. Replies: 42
    Last Post: 08-11-2006, 10:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •