7,166
edits
No edit summary |
No edit summary |
||
(31 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
*Unable to start TLS: SSL connect attempt failed | *Zimbra9, Zimbra10 FOSS | ||
仕事早いw | |||
https://forums.zimbra.org/viewtopic.php?t=72231 | |||
https://techfiles.online/zimbra/ | |||
*Zimbra9, Zimbra10 | |||
Open Source edition が無くなるようなので離脱の準備を始めることにする。 | |||
https://computingforgeeks.com/zimbra-open-source-editions-end-of-support/ | |||
メモ的キーワード opendkim postsrsd | |||
*Apple macos iOS にオレオレ証明書が使えない | |||
昔できた方法がもはや拒否されてるので、この際なので Let’s Encrypt を導入した。 | |||
https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate | |||
python のバージョン不整合地獄に落ちだが、上の方法が一番近道なので、不整合地獄を力業で解決するのが吉。 | |||
手アップデートやパッケージ hold とか駆使しつつ... | |||
証明書が更新されたあとに自動 restart はまた考える | |||
*オレオレ証明書の更新 | |||
https://wiki.zimbra.com/wiki/Regenerate_Self-Signed_SSL_Certificate_-_Single-Server | |||
zimbra ユーザで | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
/opt/zimbra/bin/zmcertmgr createca -new | |||
/opt/zimbra/bin/zmcertmgr deployca | |||
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365 | |||
/opt/zimbra/bin/zmcertmgr deploycrt self | |||
/opt/zimbra/bin/zmcertmgr viewdeployedcrt | |||
zmcontrol restart | |||
</syntaxhighlight> | |||
*BLOCK customer.worldstream.nl | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
zmprov mcf zimbraMtaHeaderChecks 'pcre:/opt/zimbra/conf/postfix_header_checks pcre:/opt/zimbra/conf/custom_header_checks' | |||
zmmtactl restart | |||
</syntaxhighlight> | |||
/opt/zimbra/conf/custom_header_checks | |||
<syntaxhighlight lang="text" enclose="div"> | |||
/^Received: from customer\.worldstream\.nl/ DISCARD | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
/opt/zimbra/common/sbin/postfix reload | |||
</syntaxhighlight> | |||
https://wiki.zimbra.com/wiki/King0770-Notes-Header-Checks | |||
https://gato.intaa.net/archives/12999 | |||
*TLSv1.2 のみしたかったが | |||
iPhone (iOS12) Mail (IMAP) から繋がらず、 TLSv1 を有効にしないといけないらしい...アカンやつやw | |||
*Unable to start TLS: SSL connect attempt failed error: | |||
SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master. | |||
apt でパッケージが 8.7b8 から 8.7b9 に upgrade されたら StartTLS がこわれた... | |||
強引な解決方法 | 強引な解決方法 | ||
Line 6: | Line 67: | ||
zmlocalconfig -e ldap_starttls_supported=0 | zmlocalconfig -e ldap_starttls_supported=0 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
[https://wiki.zimbra.com/wiki/Unable_to_create_a_successful_TLS_connection_to_the_ldap_masters When upgrading to 8.5x, "Unable to create a successful TLS connection to the ldap masters" comes up] | |||
* gzip: stdin: file size changed while zipping | * gzip: stdin: file size changed while zipping | ||
Line 14: | Line 77: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
[https://sebastian.marsching.com/wiki/Network/Zimbra Network/Zimbra - Sebastian's Wiki] | [https://sebastian.marsching.com/wiki/Network/Zimbra Network/Zimbra - Sebastian's Wiki] | ||
* OS upgrade の場合 | * OS upgrade の場合 | ||
Line 23: | Line 85: | ||
cd zimbra.lts16 | cd zimbra.lts16 | ||
cp -adpRx bin common/bin common/lib common/libexec common/sbin common/share lib libexec /opt/zimbra | cp -adpRx bin common/bin common/lib common/libexec common/sbin common/share lib libexec /opt/zimbra | ||
</syntaxhighlight> | |||
コピーがうまくいかないので、tar cf - ./bin|(cd /opt/zimbra;tar xf -) でちまちまコピる | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
cd /opt | |||
cd zimbra.lts16 | |||
tar cf - ./bin ./common/bin ./common/lib ./common/libexec ./common/sbin ./common/share ./lib ./libexec |(cd /opt/zimbra;tar xf -) | |||
</syntaxhighlight> | </syntaxhighlight> | ||