• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1016
  • Last Modified:

Can't add zoho pop account SSL error suspected

Hi there, we've been using zoho CRM for a while and have grown to like the functions it has but at times their support is unable to help resolve issues like this one, which probably isn't their fault, it's probably just not possible the way their software is written, so I'm looking at reconfiguring my setup to suit.

Ok, according to the zoho gurus, they will only accept 995 and 110 for POP and 25, 465, and 587 for SMTP.  

Our setup is 2008 SBS with Exchange Server 2007 just below SP2 with 2 Hubs
default receive connector

uses TLS and LDAP
uses white list IP addresses
Accepting on 25, 26, 465 587 to send

Relay connector(had to be used for our PBX to send voicemail to email)
Whitelisted IP
Anonymous auth
Accepting on 2525 to send

Here is where the problem lies I believe, I know we have a soft fail on the SSL that was used, as it's expired and we'll be moving everything up to Google in a couple of months, so to save some bucks it wasn't renewed.  On all the Outlook POP configurations the user simply accepts the certificate and we run with 995 and 465 for just about everyone with no trouble.  The problem here is that, I've white listed the IP address of the ZOHO server but the ZOHO software doesn't have any exceptions handling built in to take the soft failing certificate.  

So, the 500 point question is, which connectors should I modify (or should I create a new one) to make this work given the only ports that ZOHO will approve of using and keep down the risk of someone catching me in an open relay scenario.  
0
DaveHaertel
Asked:
DaveHaertel
  • 2
  • 2
1 Solution
 
Dave_ANDCommented:
This should be fairly easy looking at it. For the SMTP part,

Create a new receive connector using port 25,
allow the local IP address the CRM is on,
set the Authentication to "externally secured" and
Permission Groups as "anonymous users" and "exchange Servers"

This will give your CRM full access to send mail on SMTP with no authentication (but this will also allow port 25 to send mail from that IP, as long as you have that secure you should be ok)

Pop3, unless you use this outside of your CRM, just allow the connection on Plain login with no TLS and if your really worried, create a firewall rule blocking all traffic on 110 from anywhere except the CRM box.

Hope this makes sense, and good luck :)

0
 
DaveHaertelAuthor Commented:
Thanks Dave, I appreciate the response.  The CRM is on the outside though, not the inside.  ZOHO is tough because they don't allow for using custom ports.  25 is actually the direct route tied specifically to our barracuda spam filter and authenticated and using TLS/LDAP for it's delivery.  What I've found also is that all the appropriate ports are open, 995, 110, 587, and 465.  I can configure outlook to it no problem at all.  I've even went ahead and fixed the SSL certificate error so that's not the issue either.  My only thought is that the developers at ZOHO aren't sure what's going on, that's why I turned out here.  It's really a pretty standard Exchange setup, but ZOHO is used to tieing in with Webmail stuff like GMAIL and YAHOO and AOL.  
0
 
Dave_ANDCommented:
Well in the barracuda you can setup a rule to white list an IP, so unless they send you loads of spam, it should be safe.
0
 
DaveHaertelAuthor Commented:
We wound up using a forwarder for outside the domain and just added the email address on behalf of.  That works well enough for the particular issue we were having.  I'll probably revisit this in a little while when the ZOHO mail product is a little more seasoned.  Thanks for the ideas and the help though, that solutioni probably would have worked but our barracuda is an older version that did not include per domain whitelisting of IPs so it would be opening it up to all the other domains on there and just isn't worth the risk.  Would have been nice to use SSL and do it the right way, hopefully that's in the cards for ZOHO soon.  
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now