Solved

Can't add zoho pop account SSL error suspected

Posted on 2010-08-31
4
951 Views
Last Modified: 2012-05-10
Hi there, we've been using zoho CRM for a while and have grown to like the functions it has but at times their support is unable to help resolve issues like this one, which probably isn't their fault, it's probably just not possible the way their software is written, so I'm looking at reconfiguring my setup to suit.

Ok, according to the zoho gurus, they will only accept 995 and 110 for POP and 25, 465, and 587 for SMTP.  

Our setup is 2008 SBS with Exchange Server 2007 just below SP2 with 2 Hubs
default receive connector

uses TLS and LDAP
uses white list IP addresses
Accepting on 25, 26, 465 587 to send

Relay connector(had to be used for our PBX to send voicemail to email)
Whitelisted IP
Anonymous auth
Accepting on 2525 to send

Here is where the problem lies I believe, I know we have a soft fail on the SSL that was used, as it's expired and we'll be moving everything up to Google in a couple of months, so to save some bucks it wasn't renewed.  On all the Outlook POP configurations the user simply accepts the certificate and we run with 995 and 465 for just about everyone with no trouble.  The problem here is that, I've white listed the IP address of the ZOHO server but the ZOHO software doesn't have any exceptions handling built in to take the soft failing certificate.  

So, the 500 point question is, which connectors should I modify (or should I create a new one) to make this work given the only ports that ZOHO will approve of using and keep down the risk of someone catching me in an open relay scenario.  
0
Comment
Question by:DaveHaertel
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Dave_AND
ID: 33584572
This should be fairly easy looking at it. For the SMTP part,

Create a new receive connector using port 25,
allow the local IP address the CRM is on,
set the Authentication to "externally secured" and
Permission Groups as "anonymous users" and "exchange Servers"

This will give your CRM full access to send mail on SMTP with no authentication (but this will also allow port 25 to send mail from that IP, as long as you have that secure you should be ok)

Pop3, unless you use this outside of your CRM, just allow the connection on Plain login with no TLS and if your really worried, create a firewall rule blocking all traffic on 110 from anywhere except the CRM box.

Hope this makes sense, and good luck :)

0
 

Author Comment

by:DaveHaertel
ID: 33589037
Thanks Dave, I appreciate the response.  The CRM is on the outside though, not the inside.  ZOHO is tough because they don't allow for using custom ports.  25 is actually the direct route tied specifically to our barracuda spam filter and authenticated and using TLS/LDAP for it's delivery.  What I've found also is that all the appropriate ports are open, 995, 110, 587, and 465.  I can configure outlook to it no problem at all.  I've even went ahead and fixed the SSL certificate error so that's not the issue either.  My only thought is that the developers at ZOHO aren't sure what's going on, that's why I turned out here.  It's really a pretty standard Exchange setup, but ZOHO is used to tieing in with Webmail stuff like GMAIL and YAHOO and AOL.  
0
 
LVL 15

Accepted Solution

by:
Dave_AND earned 500 total points
ID: 33589844
Well in the barracuda you can setup a rule to white list an IP, so unless they send you loads of spam, it should be safe.
0
 

Author Closing Comment

by:DaveHaertel
ID: 33590350
We wound up using a forwarder for outside the domain and just added the email address on behalf of.  That works well enough for the particular issue we were having.  I'll probably revisit this in a little while when the ZOHO mail product is a little more seasoned.  Thanks for the ideas and the help though, that solutioni probably would have worked but our barracuda is an older version that did not include per domain whitelisting of IPs so it would be opening it up to all the other domains on there and just isn't worth the risk.  Would have been nice to use SSL and do it the right way, hopefully that's in the cards for ZOHO soon.  
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question