Urgently need help:...
 
Notifications
Clear all

Urgently need help: Issue with sending from external servers with Port 587

5 Posts
2 Users
0 Reactions
43 Views
 IN84
(@in84)
Joined: 2 days ago
Posts: 4
Topic starter  

Hi, i am having the following issue:

Carbonio CE is installed in Version 24.12.2 on Ubuntu as a Standalone System.

The System was migrated from an older Zimbra Installation.

It mainly all works and i can sent E-Mails, but what does not work is sending emails from other "some" other systems that use Port 587.
It seems that 587 is always rejected. Also in the log file i see the following error when the servers can not sent:

Dec 27 07:54:00 mail postfix/smtpd[1821918]: sql_select option missing
Dec 27 07:54:00 mail postfix/smtpd[1821918]: auxpropfunc error no mechanism available
Dec 27 07:54:00 mail postfix/smtpd[1821918]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

Some external systems that use SSL and Port 465 can sent the emails. Just TLS and Port 587 does not work.

Can someone please guide me and tell me where i should check?

Here is some part of the config that might be relevant:

zimbraMailClearTextPasswordEnabled: TRUE
zimbraMailContentMaxSize: 10240000
zimbraMailDiskStreamingThreshold: 1048576
zimbraMailEmptyFolderBatchSize: 1000
zimbraMailEmptyFolderBatchThreshold: 100000
zimbraMailFileDescriptorBufferSize: 4096
zimbraMailFileDescriptorCacheSize: 1000
zimbraMailKeepOutWebCrawlers: TRUE
zimbraMailLocalBind: FALSE
zimbraMailMode: http
zimbraMailPort: 8080
zimbraMailProxyMaxFails: 1
zimbraMailProxyPort: 80
zimbraMailProxyReconnectTimeout: 10
zimbraMailPurgeBatchSize: 1000
zimbraMailPurgeSleepInterval: 1m
zimbraMailRedirectSetEnvelopeSender: TRUE
zimbraMailReferMode: reverse-proxied
zimbraMailSSLClientCertMode: Disabled
zimbraMailSSLClientCertOCSPEnabled: TRUE
zimbraMailSSLClientCertPort: 9443
zimbraMailSSLPort: 8443
zimbraMailSSLProxyClientCertPort: 3443
zimbraMailSSLProxyPort: 443
zimbraMailTrustedIP: 127.0.0.1
zimbraMailURL: /
zimbraMailUncompressedCacheMaxBytes: 1073741824
zimbraMailUncompressedCacheMaxFiles: 5000
zimbraMailUseDirectBuffers: FALSE
zimbraMailboxMoveFailedCleanupTaskInterval: 20m
zimbraMailboxMoveSkipBlobs: FALSE
zimbraMailboxMoveSkipHsmBlobs: FALSE
zimbraMailboxMoveSkipSearchIndex: FALSE
zimbraMailboxMoveTempDir: /opt/zextras/backup/tmp/mboxmove
zimbraMailboxThrottleReapInterval: 60s
zimbraMailboxdSSLProtocols: TLSv1.2
zimbraMailboxdSSLRenegotiationAllowed: TRUE

zimbraMtaSaslAuthEnable: yes
zimbraMtaSaslSmtpdMechList: LOGIN
zimbraMtaSaslSmtpdMechList: PLAIN
zimbraMtaSendmailPath: /opt/zextras/common/sbin/sendmail
zimbraMtaSmtpCnameOverridesServername: no
zimbraMtaSmtpDnsSupportLevel: enabled
zimbraMtaSmtpHeloName: $myhostname
zimbraMtaSmtpSaslAuthEnable: yes
zimbraMtaSmtpSaslSecurityOptions: noplaintext,noanonymous
zimbraMtaSmtpTlsCiphers: high
zimbraMtaSmtpTlsDaneInsecureMXPolicy: dane
zimbraMtaSmtpTlsLoglevel: 0
zimbraMtaSmtpTlsMandatoryCiphers: high
zimbraMtaSmtpTlsMandatoryProtocols: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
zimbraMtaSmtpTlsProtocols: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
zimbraMtaSmtpTlsSecurityLevel: may
zimbraMtaSmtpTransportRateDelay: $default_transport_rate_delay
zimbraMtaSmtpdBanner: $myhostname ESMTP $mail_name
zimbraMtaSmtpdClientAuthRateLimit: 0
zimbraMtaSmtpdClientPortLogging: no
zimbraMtaSmtpdClientRestrictions: reject_unauth_pipelining
zimbraMtaSmtpdDataRestrictions: reject_unauth_pipelining
zimbraMtaSmtpdErrorSleepTime: 1s
zimbraMtaSmtpdHardErrorLimit: 20
zimbraMtaSmtpdHeloRequired: yes
zimbraMtaSmtpdProxyTimeout: 100s
zimbraMtaSmtpdRejectUnlistedRecipient: yes
zimbraMtaSmtpdRejectUnlistedSender: yes
zimbraMtaSmtpdSaslAuthenticatedHeader: no
zimbraMtaSmtpdSaslSecurityOptions: noanonymous
zimbraMtaSmtpdSaslTlsSecurityOptions: $smtpd_sasl_security_options
zimbraMtaSmtpdSenderLoginMaps: proxy:ldap:/opt/zextras/conf/ldap-slm.cf
zimbraMtaSmtpdSenderRestrictions: reject_sender_login_mismatch
zimbraMtaSmtpdSoftErrorLimit: 10
zimbraMtaSmtpdTlsAskCcert: no
zimbraMtaSmtpdTlsCcertVerifydepth: 9
zimbraMtaSmtpdTlsCiphers: high
zimbraMtaSmtpdTlsLoglevel: 1
zimbraMtaSmtpdTlsMandatoryCiphers: high
zimbraMtaSmtpdTlsMandatoryProtocols: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
zimbraMtaSmtpdTlsProtocols: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
zimbraMtaSmtpdTlsReceivedHeader: yes
zimbraMtaSmtpdVirtualTransport: error


   
Quote
 IN84
(@in84)
Joined: 2 days ago
Posts: 4
Topic starter  

Since i can not edit my previous post i want to say thatΒ 

zimbraMtaSmtpSaslAuthEnable is actually set to no

I had it to yes to see if that helps anything, but that actually caused that i could not receive emails anymore and also could not send any.


   
ReplyQuote
 IN84
(@in84)
Joined: 2 days ago
Posts: 4
Topic starter  

Also another thing would be that how can i set that TLS 1.3 and TLS 1.2 is allowed? Currently somehow it seems that only TLS 1.3 is allowed unless i set TLS security level to None


   
ReplyQuote
 IN84
(@in84)
Joined: 2 days ago
Posts: 4
Topic starter  

I have now rolled back to Zimbra because of too many issues. Do you think it could have to do with exporting the Server config from the Zimbra to migrate it to Carbonio? Do you suggest doing another fresh install and instead of migrating the server settings just migrate the users / mailboxes / calendars and contacts?

I did find someone else having similar issues in the forum, so before i waste another 16+ hours of time it would be good if anyone might know the reasons for above issues before starting from the beginning πŸ™‚


   
ReplyQuote
(@sharif)
Admin
Joined: 3 years ago
Posts: 595
 

@in84Β 

Hi,

Sorry to hear about the trouble you faced.

But there are no known issue about the use 587. To confirm that I reinstalled a new CE 24 .12.0 and checked followings:

  1. I set a an external email client to use 587 port to send emailΒ 
  2. The client is able to send email without any issue.

Β Now what you have guessed in the last post is possible.

Therefore, I would request you to check followings:

  1. Try sending email using app/software using 587 port before any config import/modification.
  2. Check the configuration that you are importing specially the trusted network part, authentications etc.

Β 

And to set your required TLS version, you can try followings:

root@mail:~# su - zextras -c "carbonio prov gcf zimbraReverseProxySSLProtocols "
zimbraReverseProxySSLProtocols: TLSv1.2
zimbraReverseProxySSLProtocols: TLSv1.3
root@mail:~#
root@mail:~#
root@mail:~# su - zextras -c "carbonio prov mcf zimbraReverseProxySSLProtocols TLSv1.1"
root@mail:~# su - zextras -c "zmproxyctl restart"
Stopping proxy...done.
Starting proxy...done.
root@mail:~#
root@mail:~# su - zextras -c "carbonio prov gcf zimbraReverseProxySSLProtocols"
zimbraReverseProxySSLProtocols: TLSv1.1
root@mail:~#

Β 

Hope it helps 😊

Regards,

Sharif


   
ReplyQuote