Quick question. We use Zimbra as our mail server, along with ASSP at the perimeter with DoTLS enabled. We also use self-signed certificates that I have placed into the /assp/certs directory.
We've used this setup for years.
As of this morning, we're getting complaints from users that they can't send mail part of the time. Zimbra logs show:
Aug 6 12:17:11 wm postfix/smtpd: warning: TLS library problem: 31623:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1197:SSL alert number 20:
Aug 6 12:17:11 wm postfix/smtpd: warning: TLS library problem: 31623:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 :s3_pkt.c:1197:SSL alert number 20
Google hasn't been much help with the above errors.
Could this be caused by certificates that may have expired? The dates on the certificate and key are early 2011.
Turning off DoTLS on port 25 has gotten rid of most of the errors in the logs. I've got a ticket open with Zimbra, but haven't gotten a response yet.
Just wanted to cover both sides before blaming it on Zimbra's SSL implementation.
Ben Franklin quote:
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."