MTA TLS authentication
MTA TLS authentication
Hi,
I've installed M2 version. The only problem I have now is a setting in MTA authentication. I've configured the MTA NOT to require TLS authentication but it still does.
Any thoughts ?
I've installed M2 version. The only problem I have now is a setting in MTA authentication. I've configured the MTA NOT to require TLS authentication but it still does.
Any thoughts ?
-
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
MTA TLS authentication
Did you restart the MTA?
MTA TLS authentication
Ofcourse, several times. The option is unchecked on the administration web interface.
-
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
MTA TLS authentication
What does /var/log/zimbra.log say?
MTA TLS authentication
Upon startup:
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: initializing the server-side TLS engine
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/opt/zimbra/conf/smtpd.crt','r'):
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: cannot load RSA certificate and key data
Upon mail send attempt:
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: connect from CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: warning: CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]: SASL LOGIN authentication failed
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: disconnect from CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: initializing the server-side TLS engine
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/opt/zimbra/conf/smtpd.crt','r'):
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: cannot load RSA certificate and key data
Upon mail send attempt:
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: connect from CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: warning: CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]: SASL LOGIN authentication failed
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: disconnect from CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]
-
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
MTA TLS authentication
How are you restarting? zmcontrol restart?
MTA TLS authentication
service zimbra stop
service zimbra start
service zimbra start
MTA TLS authentication
Hi,
The problem still remains. I've tried to restart only mta component from within zimbra user shell, it did not help. MTA simply does not authenticate me if I am not using SSL. The same settings worked with the previous version.
Here is the output I get when restarting the MTA :
[zimbra@mvimap bin]$ ./zmmtactl stop
/opt/zimbra/amavisd/sbin/amavisd: no process killed
umount: it seems /opt/zimbra/amavisd/tmp is mounted multiple times
postfix/postfix-script: stopping the Postfix mail system
[zimbra@mvimap bin]$ ./zmmtactl start
DO: /opt/zimbra/postfix/sbin/postconf -e content_filter='smtp-amavis:[127.0.0.1]:10024'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_sasl_auth_enable='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_auth_only='no'
DO: /opt/zimbra/postfix/sbin/postconf -e disable_dns_lookups='no'
DO: /opt/zimbra/postfix/sbin/postconf -e message_size_limit='10240000'
DO: /opt/zimbra/postfix/sbin/postconf -e relayhost=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_recipient_restrictions='reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit'
postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.2.3/conf/main.cf
postfix/postfix-script: starting the Postfix mail system
Please help.
The problem still remains. I've tried to restart only mta component from within zimbra user shell, it did not help. MTA simply does not authenticate me if I am not using SSL. The same settings worked with the previous version.
Here is the output I get when restarting the MTA :
[zimbra@mvimap bin]$ ./zmmtactl stop
/opt/zimbra/amavisd/sbin/amavisd: no process killed
umount: it seems /opt/zimbra/amavisd/tmp is mounted multiple times
postfix/postfix-script: stopping the Postfix mail system
[zimbra@mvimap bin]$ ./zmmtactl start
DO: /opt/zimbra/postfix/sbin/postconf -e content_filter='smtp-amavis:[127.0.0.1]:10024'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_sasl_auth_enable='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_auth_only='no'
DO: /opt/zimbra/postfix/sbin/postconf -e disable_dns_lookups='no'
DO: /opt/zimbra/postfix/sbin/postconf -e message_size_limit='10240000'
DO: /opt/zimbra/postfix/sbin/postconf -e relayhost=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_recipient_restrictions='reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit'
postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.2.3/conf/main.cf
postfix/postfix-script: starting the Postfix mail system
Please help.
MTA TLS authentication
hi..just dumb Q..did you CHECK the plain TEXT login when you UNCHECKED SSL.
and also did you UNCHECK SSL on ALL services and Checked PLAIN TEXT by invendualy going to all services and then Stop and Start services.
Just trying to make sure you did that. if you did all that then big guys at zimbra are your saviours
I had to UNCHECK SSL on all Services and Checek PLAIN TEXT on all services and i have no issue.
Please update so we know.
Raj S Vrach
i2k2systems.com
and also did you UNCHECK SSL on ALL services and Checked PLAIN TEXT by invendualy going to all services and then Stop and Start services.
Just trying to make sure you did that. if you did all that then big guys at zimbra are your saviours
I had to UNCHECK SSL on all Services and Checek PLAIN TEXT on all services and i have no issue.
Please update so we know.
Raj S Vrach
i2k2systems.com
MTA TLS authentication
Hi,
There is no "Clear text login" checkbox on the MTA tab. About the rest services, I want IMAP and POP login to be available via SSL, but not SMTP.
There is no "Clear text login" checkbox on the MTA tab. About the rest services, I want IMAP and POP login to be available via SSL, but not SMTP.