Smtp Tls

Postby kollross » Wed Apr 26, 2006 8:24 am

I'm currently trying to get TLS working on our Filter server for incoming emails. Currently TLS works fine for outgoing SMTP connections on the other server. Currently with a manual telnet I'm getting this response:
Connected to black.soltec.net.
Escape character is '^]'.
220 black.soltec.net ESMTP Postfix
ehlo xyz
250-black.soltec.net
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
starttls
454 TLS not available due to local problem


I'm guessing this was a cert error (planning on using self-signed). I then took your directions for creating a self-signed cert:
keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
But I'm getting this error:
keytool error: java.lang.Exception: Alias does not exist
Any ideas, or is this even a cert problem? The only things installed on the filter server are mta, spamfilter, virusfilter and snmp.



Postby rsharpe » Wed Apr 26, 2006 8:27 am

The cert CA is not there, so you don't need that command; it is already deleted. Just run zmcreateca to recreate the CA.

Postby kollross » Wed Apr 26, 2006 8:29 am

Basically this, then:
zmcreateca
zmcreatecert
zmcertinstall mailbox ssl/ssl/server/tomcat.crt
zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key

Postby rsharpe » Wed Apr 26, 2006 8:38 am

I believe so.

Postby kollross » Wed Apr 26, 2006 9:23 am

Yep, that works, thanks.

Postby jerryboi » Mon Mar 05, 2007 5:33 pm

I have installed a commercial certificate as described in the wiki and I had the https site and the pop3 access working fine with it. However, when I tried to send mail through smtp, I got "error 454 - TLS not available due to a local problem". I tried setting the certificate for the mta manually by issuing
zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key
which installed the original, Zimbra-issued certificate there. Not happy with that, in a particularly experimental mindset I copied my commercial .crt file over the /opt/zimbra/conf/smtpd.crt file. Now I get the error "unable to connect to smtp server via STARTTLS since it doesn't offer STARTTLS in EHLO response". Not happy with this one either, please help!

Postby 9327nexus » Fri Mar 09, 2007 1:03 pm

I'm having the exact same problem.

Postby Nutz » Fri Mar 09, 2007 3:48 pm

I used to have this problem...
Try this (from http://mark.foster.cc/kb/openssl-keytool.html ):
Export the *public key* (certificate) from a keystore

keytool -export -alias mykey -keystore keystore -file exported.crt
The result is a DER (binary) formatted certificate in exported.crt
openssl x509 -noout -text -in exported.crt -inform der
Now you will want to convert it to another format - PEM - which is more widely used in applications such as apache and by openssl to do the pkcs12 conversion.
openssl x509 -out exported-pem.crt -outform pem -text -in exported.crt -inform der

Then just copy it over smtpd.crt

Postby 9327nexus » Fri Mar 09, 2007 4:11 pm

That worked without trouble but didn't fix the problem, for me at least. My zimbra log now shows this:
Mar 9 14:09:54 mail postfix/smtpd[31353]: lost connection after STARTTLS from c-67-169-127-128.hsd1.ca.comcast.net[67.169.127.128]
Mar 9 14:13:44 mail postfix/smtpd[22605]: warning: TLS library problem: 22605:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE:
Mar 9 14:13:44 mail postfix/smtpd[22605]: warning: TLS library problem: 22605:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:765:
Mar 9 14:15:13 mail postfix/smtpd[11729]: lost connection after STARTTLS from c-67-169-127-128.hsd1.ca.comcast.net[67.169.127.128]

Client shows the same error as before.

Postby Nutz » Fri Mar 09, 2007 5:05 pm

Can you post the first line of your exported-pem.crt (just open with a text editor)?
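
The check asked for in the last post (what the certificate file actually starts with), written as an added example that is not part of the thread or of Zimbra's tooling. It reports whether a file contains the PEM start line named in the "Expecting: CERTIFICATE" log message, is PEM of another kind, or looks like binary DER; the function names, file names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a file before copying it over smtpd.crt.
# Heuristic only: looks at PEM start lines and the first byte, no ASN.1 parsing.

classify_cert_file() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 0; }

    # The log's "Expecting: CERTIFICATE" refers to this start line. Text in
    # front of it (the dump written by "openssl x509 -text") is skipped.
    if LC_ALL=C grep -q -e '^-----BEGIN CERTIFICATE-----' "$file"; then
        echo "pem-certificate"; return 0
    fi

    # PEM, but some other object (a key or CSR saved under a .crt name).
    label=$(LC_ALL=C sed -n 's/^-----BEGIN \([A-Z0-9 ]*\)-----.*/\1/p' "$file" | head -n 1)
    if [ -n "$label" ]; then
        echo "pem-other:$label"; return 0
    fi

    # Binary DER starts with an ASN.1 SEQUENCE tag, byte 0x30.
    first=$(LC_ALL=C od -An -tx1 -N1 "$file" | tr -d ' \n')
    if [ "$first" = "30" ]; then
        echo "der-like"; return 0
    fi
    echo "unknown"
}

# Constructed sample files: placeholders, not real certificates or keys.
make_samples() {
    d=$1
    printf '%s\n' 'Certificate:' '    Data:' '-----BEGIN CERTIFICATE-----' \
        'Y29uc3RydWN0ZWQ=' '-----END CERTIFICATE-----' > "$d/text-then-pem.crt"
    printf '\060\202\001\012\060\201' > "$d/binary.crt"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/key-as-cert.crt"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.crt; do
    printf '%s: %s\n' "${f##*/}" "$(classify_cert_file "$f")"
done
rm -rf "$tmp"
```

A `der-like` result is the case the `openssl x509 ... -inform der -outform pem` conversion quoted earlier in the thread is meant for.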
