Solved

Can't add zoho pop account SSL error suspected

Posted on 2010-08-31
4
938 Views
Last Modified: 2012-05-10
Hi there, we've been using zoho CRM for a while and have grown to like the functions it has but at times their support is unable to help resolve issues like this one, which probably isn't their fault, it's probably just not possible the way their software is written, so I'm looking at reconfiguring my setup to suit.

Ok, according to the zoho gurus, they will only accept 995 and 110 for POP and 25, 465, and 587 for SMTP.  

Our setup is 2008 SBS with Exchange Server 2007 just below SP2 with 2 Hubs
default receive connector

uses TLS and LDAP
uses white list IP addresses
Accepting on 25, 26, 465 587 to send

Relay connector(had to be used for our PBX to send voicemail to email)
Whitelisted IP
Anonymous auth
Accepting on 2525 to send

Here is where the problem lies I believe, I know we have a soft fail on the SSL that was used, as it's expired and we'll be moving everything up to Google in a couple of months, so to save some bucks it wasn't renewed.  On all the Outlook POP configurations the user simply accepts the certificate and we run with 995 and 465 for just about everyone with no trouble.  The problem here is that, I've white listed the IP address of the ZOHO server but the ZOHO software doesn't have any exceptions handling built in to take the soft failing certificate.  

So, the 500 point question is, which connectors should I modify (or should I create a new one) to make this work given the only ports that ZOHO will approve of using and keep down the risk of someone catching me in an open relay scenario.  
0
Comment
Question by:DaveHaertel
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Dave_AND
Comment Utility
This should be fairly easy looking at it. For the SMTP part,

Create a new receive connector using port 25,
allow the local IP address the CRM is on,
set the Authentication to "externally secured" and
Permission Groups as "anonymous users" and "exchange Servers"

This will give your CRM full access to send mail on SMTP with no authentication (but this will also allow port 25 to send mail from that IP, as long as you have that secure you should be ok)

Pop3, unless you use this outside of your CRM, just allow the connection on Plain login with no TLS and if your really worried, create a firewall rule blocking all traffic on 110 from anywhere except the CRM box.

Hope this makes sense, and good luck :)

0
 

Author Comment

by:DaveHaertel
Comment Utility
Thanks Dave, I appreciate the response.  The CRM is on the outside though, not the inside.  ZOHO is tough because they don't allow for using custom ports.  25 is actually the direct route tied specifically to our barracuda spam filter and authenticated and using TLS/LDAP for it's delivery.  What I've found also is that all the appropriate ports are open, 995, 110, 587, and 465.  I can configure outlook to it no problem at all.  I've even went ahead and fixed the SSL certificate error so that's not the issue either.  My only thought is that the developers at ZOHO aren't sure what's going on, that's why I turned out here.  It's really a pretty standard Exchange setup, but ZOHO is used to tieing in with Webmail stuff like GMAIL and YAHOO and AOL.  
0
 
LVL 15

Accepted Solution

by:
Dave_AND earned 500 total points
Comment Utility
Well in the barracuda you can setup a rule to white list an IP, so unless they send you loads of spam, it should be safe.
0
 

Author Closing Comment

by:DaveHaertel
Comment Utility
We wound up using a forwarder for outside the domain and just added the email address on behalf of.  That works well enough for the particular issue we were having.  I'll probably revisit this in a little while when the ZOHO mail product is a little more seasoned.  Thanks for the ideas and the help though, that solutioni probably would have worked but our barracuda is an older version that did not include per domain whitelisting of IPs so it would be opening it up to all the other domains on there and just isn't worth the risk.  Would have been nice to use SSL and do it the right way, hopefully that's in the cards for ZOHO soon.  
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now