?
Solved

Can't add zoho pop account SSL error suspected

Posted on 2010-08-31
4
Medium Priority
?
982 Views
Last Modified: 2012-05-10
Hi there, we've been using zoho CRM for a while and have grown to like the functions it has but at times their support is unable to help resolve issues like this one, which probably isn't their fault, it's probably just not possible the way their software is written, so I'm looking at reconfiguring my setup to suit.

Ok, according to the zoho gurus, they will only accept 995 and 110 for POP and 25, 465, and 587 for SMTP.  

Our setup is 2008 SBS with Exchange Server 2007 just below SP2 with 2 Hubs
default receive connector

uses TLS and LDAP
uses white list IP addresses
Accepting on 25, 26, 465 587 to send

Relay connector(had to be used for our PBX to send voicemail to email)
Whitelisted IP
Anonymous auth
Accepting on 2525 to send

Here is where the problem lies I believe, I know we have a soft fail on the SSL that was used, as it's expired and we'll be moving everything up to Google in a couple of months, so to save some bucks it wasn't renewed.  On all the Outlook POP configurations the user simply accepts the certificate and we run with 995 and 465 for just about everyone with no trouble.  The problem here is that, I've white listed the IP address of the ZOHO server but the ZOHO software doesn't have any exceptions handling built in to take the soft failing certificate.  

So, the 500 point question is, which connectors should I modify (or should I create a new one) to make this work given the only ports that ZOHO will approve of using and keep down the risk of someone catching me in an open relay scenario.  
0
Comment
Question by:DaveHaertel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Dave_AND
ID: 33584572
This should be fairly easy looking at it. For the SMTP part,

Create a new receive connector using port 25,
allow the local IP address the CRM is on,
set the Authentication to "externally secured" and
Permission Groups as "anonymous users" and "exchange Servers"

This will give your CRM full access to send mail on SMTP with no authentication (but this will also allow port 25 to send mail from that IP, as long as you have that secure you should be ok)

Pop3, unless you use this outside of your CRM, just allow the connection on Plain login with no TLS and if your really worried, create a firewall rule blocking all traffic on 110 from anywhere except the CRM box.

Hope this makes sense, and good luck :)

0
 

Author Comment

by:DaveHaertel
ID: 33589037
Thanks Dave, I appreciate the response.  The CRM is on the outside though, not the inside.  ZOHO is tough because they don't allow for using custom ports.  25 is actually the direct route tied specifically to our barracuda spam filter and authenticated and using TLS/LDAP for it's delivery.  What I've found also is that all the appropriate ports are open, 995, 110, 587, and 465.  I can configure outlook to it no problem at all.  I've even went ahead and fixed the SSL certificate error so that's not the issue either.  My only thought is that the developers at ZOHO aren't sure what's going on, that's why I turned out here.  It's really a pretty standard Exchange setup, but ZOHO is used to tieing in with Webmail stuff like GMAIL and YAHOO and AOL.  
0
 
LVL 15

Accepted Solution

by:
Dave_AND earned 2000 total points
ID: 33589844
Well in the barracuda you can setup a rule to white list an IP, so unless they send you loads of spam, it should be safe.
0
 

Author Closing Comment

by:DaveHaertel
ID: 33590350
We wound up using a forwarder for outside the domain and just added the email address on behalf of.  That works well enough for the particular issue we were having.  I'll probably revisit this in a little while when the ZOHO mail product is a little more seasoned.  Thanks for the ideas and the help though, that solutioni probably would have worked but our barracuda is an older version that did not include per domain whitelisting of IPs so it would be opening it up to all the other domains on there and just isn't worth the risk.  Would have been nice to use SSL and do it the right way, hopefully that's in the cards for ZOHO soon.  
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question