Error (MTA): Unable to set STARTTLS


Revision as of 20:50, 19 February 2008


Introduction

The Postfix MTA will fail to relay mail if it cannot successfully connect to the backend LDAP server. In ZCS version 5.0, TLS communication between the MTA and LDAP is enabled, which requires proper configuration of the TLS/SSL subsystem. When the connection fails, the problem is logged in /opt/zimbra/log/zimbra.log:

Jan 15 11:12:37 server postfix/trivial-rewrite[20653]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Jan 15 11:12:37 server postfix/trivial-rewrite[20654]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Jan 15 11:12:37 server last message repeated 2 times

Impact

If the TLS/SSL subsystem is not properly configured, the Postfix MTA will fail to relay mail in and out of the server.

Possible Cause

  • The CA chain can be appended in reverse order, creating an invalid certificate. See this article.
  • Expired CA certificates. See this article.
  • Too many files in /opt/zimbra/conf/ca. If Postfix detects files or directories that do not belong in the ca directory, it will fail to negotiate TLS.

Make sure /opt/zimbra/conf/ca looks similar to this:

[zimbra@server conf]$ ls -la /opt/zimbra/conf/ca
total 16
drwxr-xr-x  2 zimbra zimbra 4096 Jan 10 04:14 .
drwxrwxr-x  7 zimbra zimbra 4096 Jan 12 11:16 ..
lrwxrwxrwx  1 root   root      6 Jan 10 04:14 67504c4f.0 -> ca.pem
-rw-r--r--  1 zimbra zimbra  887 Jan 10 04:14 ca.key
-rw-r--r--  1 zimbra zimbra  785 Jan 10 04:14 ca.pem
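
One way to check a directory against the second and third causes above, as an added example that is not part of the original article. The function name `audit_ca_dir` is hypothetical, and the rules for what belongs (`*.pem`, `*.key`, and hash-named symlinks such as `67504c4f.0`) are assumptions taken from the listing; chain order is not checked.

```shell
#!/bin/sh
# Added example: audit a CA directory such as /opt/zimbra/conf/ca.
# Assumption (from the listing above): only *.pem, *.key and hash-named
# symlinks like 67504c4f.0 belong there.
# Usage: audit_ca_dir /opt/zimbra/conf/ca
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_ca_dir() {
    dir=$1
    rc=0
    for entry in "$dir"/* "$dir"/.[!.]*; do
        # Skip glob patterns that matched nothing.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        if [ -L "$entry" ]; then
            # Hash links are 8 hex digits plus a numeric suffix.
            case $name in
                [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*) ;;
                *) echo "UNEXPECTED link: $name"; rc=1 ;;
            esac
            # -f follows the link, so a broken target fails here.
            [ -f "$entry" ] || { echo "DANGLING link: $name"; rc=1; }
        elif [ -d "$entry" ]; then
            echo "UNEXPECTED directory: $name"; rc=1
        else
            case $name in
                *.pem)
                    # Certificate checks run only when openssl is installed.
                    if command -v openssl >/dev/null 2>&1; then
                        if ! openssl x509 -noout -in "$entry" >/dev/null 2>&1; then
                            echo "NOT a certificate: $name"; rc=1
                        elif ! openssl x509 -noout -checkend 0 -in "$entry" >/dev/null 2>&1; then
                            echo "EXPIRED: $name"; rc=1
                        fi
                    fi ;;
                *.key) ;;
                *) echo "UNEXPECTED file: $name"; rc=1 ;;
            esac
        fi
    done
    return $rc
}
```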

Related Articles

  • Problem with Certificate can cause MTA Failure
  • SSL Certificate Problems



Keywords: mta, postfix, fatal, ldap

Verified Against: Zimbra Collaboration Suite 5.0.0
Date Created: 1/15/2008
Article ID: https://wiki.zimbra.com/index.php?title=Error_(MTA):_Unable_to_set_STARTTLS
Date Modified: 2008-02-19


