Difference between revisions of "Error (MTA): Unable to set STARTTLS"
Revision as of 23:59, 15 January 2008
The Postfix MTA will fail to relay mail if it cannot successfully connect to the backend LDAP server. In ZCS version 5.0, TLS communication between the MTA and LDAP is enabled, which requires proper configuration of the TLS/SSL subsystem. A problem will be indicated in /opt/zimbra/log/zimbra.log:
Jan 15 11:12:37 server postfix/trivial-rewrite: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Jan 15 11:12:37 server postfix/trivial-rewrite: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Jan 15 11:12:37 server last message repeated 2 times
If the TLS/SSL subsystem is not properly configured, the Postfix MTA will fail to relay mail in and out of the server.
- The CA chain can be appended in reverse order, creating an invalid certificate. See this article.
- Expired CA certs. See this article.
- Too many files in /opt/zimbra/conf/ca. If Postfix detects files or directories that do not belong in the ca directory, it will fail to negotiate TLS.
Make sure /opt/zimbra/conf/ca looks like this:
[zimbra@server conf]$ ls -la /opt/zimbra/conf/ca
total 16
drwxr-xr-x 2 zimbra zimbra 4096 Jan 10 04:14 .
drwxrwxr-x 7 zimbra zimbra 4096 Jan 12 11:16 ..
lrwxrwxrwx 1 root root 6 Jan 10 04:14 67504c4f.0 -> ca.pem
-rw-r--r-- 1 zimbra zimbra 887 Jan 10 04:14 ca.key
-rw-r--r-- 1 zimbra zimbra 785 Jan 10 04:14 ca.pem
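One way to check the ca directory for entries that do not belong, and the CA certificate for expiry, as an added example that is not part of the original article or Zimbra's own tooling. The function names audit_ca_dir and ca_cert_not_expired are hypothetical, the expected layout is taken from the listing above, and the openssl CLI is assumed to be installed for the expiry check.

```shell
#!/bin/sh
# Added example (not Zimbra code). Expected layout, per the listing above:
# regular files ca.pem and ca.key, plus hash symlinks named
# <8 hex digits>.<number> that resolve to a regular file.

# audit_ca_dir DIR: print one finding per line; return 0 if clean, else 1.
audit_ca_dir() {
    dir=$1
    bad=0
    for entry in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # Unmatched globs stay literal; -L also catches dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        case $name in
            ca.pem|ca.key)      kind=file ;;
            ????????.*[!0-9]*)  kind=other ;;   # link suffix must be digits only
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                                kind=hashlink ;;
            *)                  kind=other ;;
        esac
        if [ "$kind" = other ]; then
            echo "UNEXPECTED: $name"; bad=1
        elif [ "$kind" = file ] && { [ -L "$entry" ] || [ ! -f "$entry" ]; }; then
            echo "NOT A REGULAR FILE: $name"; bad=1
        elif [ "$kind" = hashlink ] && [ ! -L "$entry" ]; then
            echo "NOT A SYMLINK: $name"; bad=1
        elif [ "$kind" = hashlink ] && [ ! -f "$entry" ]; then
            echo "BROKEN LINK: $name"; bad=1
        fi
    done
    return "$bad"
}

# ca_cert_not_expired FILE: return 0 if FILE parses as a certificate and has
# not expired; non-zero if it is expired or cannot be parsed.
ca_cert_not_expired() {
    openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1
}
```

Run as the zimbra user, for example: audit_ca_dir /opt/zimbra/conf/ca && ca_cert_not_expired /opt/zimbra/conf/ca/ca.pem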
Keywords: mta, postfix, fatal, ldap