MTA TLS authentication

gutzeit
Posts: 19
Joined: Fri Sep 12, 2014 10:00 pm

Post by gutzeit »

Hi,
I've installed the M2 version. The only problem I have now is a setting in MTA authentication. I've configured the MTA NOT to require TLS authentication but it still does.
Any thoughts?
14319KevinH
Ambassador
Posts: 4558
Joined: Fri Sep 12, 2014 9:52 pm

Post by 14319KevinH »

Did you restart the MTA?

Post by gutzeit »

Of course, several times. The option is unchecked on the administration web interface.

Post by 14319KevinH »

What does /var/log/zimbra.log say?

Post by gutzeit »

Upon startup:
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: initializing the server-side TLS engine
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/opt/zimbra/conf/smtpd.crt','r'):
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: TLS library problem: 19575:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: cannot load RSA certificate and key data

Upon mail send attempt:
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: connect from CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: warning: CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]: SASL LOGIN authentication failed
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: disconnect from CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]
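
An added example, not part of the thread and not Zimbra's own tooling: a small Python triage over the smtpd lines quoted in the post above, grouping server-side TLS certificate load failures and SASL failures by smtpd process. The function name `triage` and the report layout are assumptions made for illustration; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the log excerpt in the post above.
SAMPLE = """\
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: initializing the server-side TLS engine
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
Nov 16 01:33:42 mvimap postfix/smtpd[19575]: cannot load RSA certificate and key data
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: connect from CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]
Nov 16 01:35:38 mvimap postfix/smtpd[19583]: warning: CBL217-132-89-214.bb.netvision.net.il[217.132.89.214]: SASL LOGIN authentication failed
""".splitlines()

# Syslog shape: "Nov 16 01:33:42 host postfix/smtpd[PID]: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\spostfix/smtpd\[(\d+)\]:\s(.*)$")
CERT_RE = re.compile(r"cannot get certificate from file (\S+)")
SASL_RE = re.compile(r"warning: (\S+)\[([0-9a-fA-F.:]+)\]: SASL (\S+) authentication failed")


def triage(lines):
    """Summarise TLS setup failures and SASL failures per smtpd pid (hypothetical layout)."""
    report = defaultdict(
        lambda: {"missing_cert": None, "tls_unusable": False, "sasl_failures": []}
    )
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a postfix/smtpd line
        _ts, _host, pid, msg = m.groups()
        entry = report[pid]
        cert = CERT_RE.search(msg)
        sasl = SASL_RE.search(msg)
        if cert:
            entry["missing_cert"] = cert.group(1)  # path smtpd could not open
        elif msg.startswith("cannot load RSA certificate and key data"):
            entry["tls_unusable"] = True  # TLS engine has no usable cert/key pair
        elif sasl:
            # (client IP, SASL mechanism) for each failed attempt
            entry["sasl_failures"].append((sasl.group(2), sasl.group(3)))
    return dict(report)


if __name__ == "__main__":
    for pid, entry in triage(SAMPLE).items():
        print(pid, entry)
```

The summary only groups what the log states; it does not establish whether the certificate failure and the SASL failure are related.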

Post by 14319KevinH »

How are you restarting? zmcontrol restart?

Post by gutzeit »

service zimbra stop

service zimbra start

Post by gutzeit »

Hi,
The problem still remains. I've tried to restart only the MTA component from within the zimbra user shell; it did not help. The MTA simply does not authenticate me if I am not using SSL. The same settings worked with the previous version.
Here is the output I get when restarting the MTA:
[zimbra@mvimap bin]$ ./zmmtactl stop
/opt/zimbra/amavisd/sbin/amavisd: no process killed
umount: it seems /opt/zimbra/amavisd/tmp is mounted multiple times
postfix/postfix-script: stopping the Postfix mail system
[zimbra@mvimap bin]$ ./zmmtactl start
DO: /opt/zimbra/postfix/sbin/postconf -e content_filter='smtp-amavis:[127.0.0.1]:10024'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_sasl_auth_enable='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_auth_only='no'
DO: /opt/zimbra/postfix/sbin/postconf -e disable_dns_lookups='no'
DO: /opt/zimbra/postfix/sbin/postconf -e message_size_limit='10240000'
DO: /opt/zimbra/postfix/sbin/postconf -e relayhost=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_recipient_restrictions='reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit'
postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.2.3/conf/main.cf
postfix/postfix-script: starting the Postfix mail system

Please help.
13445raj
Outstanding Member
Posts: 743
Joined: Fri Sep 12, 2014 9:59 pm
Location: Canada

Post by 13445raj »

Hi.. just a dumb Q.. did you CHECK the plain TEXT login when you UNCHECKED SSL?

And also, did you UNCHECK SSL on ALL services and check PLAIN TEXT by individually going to all services, and then stop and start the services?
Just trying to make sure you did that. If you did all that, then the big guys at Zimbra are your saviours :)
I had to UNCHECK SSL on all services and check PLAIN TEXT on all services, and I have no issue.
Please update so we know.
Raj S Vrach

i2k2systems.com

Post by gutzeit »

Hi,
There is no "Clear text login" checkbox on the MTA tab. About the rest of the services, I want IMAP and POP login to be available via SSL, but not SMTP.