Secure IMAP + Secure SMTP not working [SOLVED]

[bertalanimre]

Hello there,

I have a problem with seting up SSMTP and SIMAP on my Zentyal server. On the clients we have Thunderbird, and whenever I want to connect it to the server, it sais "couldn't find server settings" ( or something similar, sorry my thunderbird is in Hungarian language ). However, if I enable simple IMAP and SMTP in Mail or in Groupware, then it is OK, but I need the secured channels for my mail server ( I remove simple IMAP and SMTP always and allow only Secured IMAP + Secured SMTP in mail). Something with the firewall maybe? Am I setting the server up wrong or the Thunderbird is set up badly? I need the 465 and the 585 ports?

Thank you for your answers in advance.

Bert

[christian]

Except in case of bug, there is no need to change firewall rules for something that is part of Zentyal.
What I mean to say is that Zentyal application, in case you configure, using GUI, mail to enable secure IMAP, will handle FW rules on your behalf.
If this was not true, then it wouldn't make sense to use Zentyal isn't it? 
So you can check but this is most likely not FW issue (of course assuming you use Zentyal FW)

Issue could be due however to untrusted certificate. However, error message you report looks like some service discovery failing... how do you configure secure IMAP?

[bertalanimre]

I created a Cert for Mail useage first. Then ( at the moment ) I enabled both IMAP, SIMAP, SMTP and SSMTP in the Mail section. When I try to set up Thunderbird, I can now give you the proper error message. It sais: Thunderbird couldn't find mailbox settings. I use the following settings in Thunderbird:
Name: Obvious
Email: username@domain.hu
Password: user passwor
Incoming: IMAP, host.domain.hu, port:993, SSL/TLS, Normal password
Outgoing:  SMTP, host.domain.hu, port:465, SSL/TLS, Normal password
Username: username

For username I also tried username@domain.hu but didn't work. The funny thing is: If I click on test or retest button, it is telling me the error message mentioned above. But if I click on the Finnish button, then it requests me to download the certification what I gladly do. However the user can't sent any messages. It gives a timed out error for SMTP server. This story is getting very strange for me.

Oh, and yes, I'm using Zentyal FW. Obviously

[bruno85]

try whith port 587 for smtp, it work like this for me

[christian]

"username" to be used for IMAP is definitely your email address, not you "login".
In what you describe, you configure IMAP and then report that SMTP is not working  (sending message involves SMTP, not IMAP. these are 2 different processes.
If you configure IMAP, then check if IMAP works (once you will have fixed issue with username)

Indeed, port for secure SMTP (to send mail) is 587 and 993 for IMAPS

[bertalanimre]

587 is running on TLS? If yes and it will work ( I'll check it in minutes ) how come it isn't on 465 which is SSL?

EDIT:
Now I've set the thunderbird profile up, and now... no error messages, only nothing happens on the clients. The cert was asked to download or not ( obviously I downloaded it ), but then when I try to send a test message from 1 user to another, there is no error message, but the mail is lost.
Settings are now as following:
Incoming: IMAP, host.domain.hu, port:993, SSL/TLS, Normal password
Outgoing:  SMTP, host.domain.hu, port:465, STARTTLS, Normal password

Thunderbird somehow and somewhy in automatic recognision thinks that the IMAP has Kerberos authentication. Is that good or bad now?

[christian]

Indeed, your right, port for SSL is 465.
587 is for "SMTP with authentication".

The trick is to use STARTTLS instead of SSL
If you telnet on port 25 then send EHLO, you should get answer with "250 STARTTLS"
Then client starts TLS which builds tunnel.

I think you can also use SSL (although I didn't try) but then do not configure STARTTLS 

[bertalanimre]

See above Chris please. And thank for helping me. I'm stuck with this problem for weeks now....

[christian]

Well, again I think we should distinguish between IMAP and SMTP (even if at the end, I do agree that both have to work otherwise this is useless).
- Is your mailbox empty (server side) ?
- did you try to use "webmail" (RoundCube) to send/read mail in oder to populate mailbox and have easier check from Thunderbird?

[bertalanimre]

The mailbox must be empty because the server is newly installed and the test users were created a few days ago.
Webmail works, however I can see only the test messages I tried to send. The inbox is empty there too.

[christian]

look at my PM 

[bertalanimre]

1 sec. If I log in to Roundcube, the messages are not there. BUT if I log in to Zarafa, the messages are present. WTF? 

[christian]

The f#¤ck is that you don't tell you're using Zarafa 

I don't know why a lot of Zentyal user do not understand that standard (well, what I call "standard") mail in Zentyal is made of Postfix for SMTP and Dovecot for POP/IMAP server.
Zarafa is natively designed to support Outlook clients though MAPI protocol but as a lot of non-Outlook clients wanted to use Zarafa too, they developed this IMAP plugin allowing to access Zarafa with, e.g. your Thunderbird client.

So far so good but in such case:
- you can't enalbe POP and IMAP in Zentyal mail settings as it will conflict with Zarafa IMAP plugin
- I can't help you configuring it as I don't use Zarafa    but there is quite a lot of Zarafa users here 

[bertalanimre]

Hah, this is still a huge step forward. Somehow I non-stop forgot to check the webmail.... I think I will disable the Zarafa, probably because here will be no Outlook. I'll ban them from the office. But 1st I have to build up a castle around my desk, so the angry users won't be able to get me....  Thanks agan Chris.

[christian]

Wait, this is not as simple.

I tend you have a kind of truncated view with Zarafa because of their design that is really "Microsoft like", meaning they merge mail features and groupware or collaboration tools.
If you do need these additional features, Zarafa might be the right option for you, even if I describe their implementation as a crappy one because of the IMAP plugin

So think twice and look at similar or related post in this forum to make your own opinion about the right choice.
I'll not claim that my view is the only one valid