Problem sending mail to exchange server using starttls


Problem sending mail to exchange server using starttls

by Bijan Soleymani

Hi,

I've just switched to courier-mta from exim. I'm running Debian Lenny.

Anyways I am having trouble sending messages to an exchange server.

This is what courier sends me:
<quote>
                     DELAYS IN DELIVERING YOUR MESSAGE

The delivery of the following E-mail message has been delayed.
[snip]
This is an advisory notice for
the following addresses only:

<xxx@...>:
    XXX.com [xxx.xxx.xxx.xxx]:
<<< Broken pipe
</unquote>

syslog and mail.log show:
Nov  6 06:25:20 psqtech01 courierd:
started,id=some_long_string,from=<bijan@...>,module=esmtp,host=XXX.com,addr=<xxx@...>
Nov  6 06:25:20 psqtech01 courierd: Waiting.  shutdown time=none, wakeup
time=Fri Nov  6 06:29:36 2009, queuedelivering=8, inprogress=2
Nov  6 06:25:20 psqtech01 courieresmtp:
id=some_long_string,from=<bijan@...>,addr=<xxx@...>: Connection
reset by peer
Nov  6 06:25:20 psqtech01 courieresmtp:
id=some_long_string,from=<bijan@...>,addr=<xxx@...>,status: deferred

I know that I can send mail to the domain through normal SMTP, but I
think there is some trouble with using TLS. I say this because I have
run some basic tests using telnet to connect to the server.

If I telnet to port 25, I can get:
220 XXX.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready
at  Fri, 6 Nov 2009 06:48:12 -0500
and I can do:
EHLO psq.com
250-XXX.com Hello [xxx.xxx.xxx.xxx]
250-TURN
250-SIZE 1048576000
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250 OK
then I do:
MAIL FROM: bijan@...
250 2.1.0 bijan@... OK
RCPT TO: xxx@...
250 2.1.5 xxx@...
then finally
DATA
354 Start mail input; end with <CRLF>.<CRLF>
and I can type in the message, I get
250 2.6.0 <longstring@...> Queued mail for delivery
and then I'm done and I QUIT.

So I see that I can send mail to the domain normally.

However, when I try to use openssl s_client to connect to the server,
this is what happens:
openssl s_client -crlf -starttls smtp -connect XXX.com:25
bunch of SSL info
250 OK
then I do
MAIL FROM: bijan@...
250 2.1.0 bijan@... OK
RCPT TO: xxx@...
RENEGOTIATING
19407:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:530:

So now I don't know if I'm just missing some option to OpenSSL's
s_client or if there's some bug with OpenSSL. Not knowing much about
SSL, TLS, etc., it seems everything is good until it tries to renegotiate
the connection, and then OpenSSL dies.

I'm sure courier is using TLS because I've looked at the traffic between
courier and exchange using tshark (a command-line packet capture tool).
And I can see that courier is issuing the STARTTLS command:
  0.022585 67.212.81.240 -> xxx.xxx.xxx.xxx SMTP C: EHLO imap.psq.com
  0.033803 xxx.xxx.xxx.xxx -> 67.212.81.240 SMTP S: 250-XXX.com Hello
[67.212.81.240] | 250-TURN | 250-SIZE 1048576000 | 250-ETRN |
250-PIPELINING | 250-DSN | 250-ENHANCEDSTATUSCODES | 250-BINARYMIME |
250-CHUNKING | 250-VRFY | 250-TLS | 250-STARTTLS | 250 OK
  0.033873 67.212.81.240 -> xxx.xxx.xxx.xxx SMTP C: STARTTLS
  0.045006 xxx.xxx.xxx.xxx -> 67.212.81.240 SMTP S: 220 2.0.0 SMTP
server ready
[encrypted data]

Anyways, is there some easy way to fix this? Or is there some way to
make courier fall back to just sending the mail without STARTTLS (if
STARTTLS fails)?

P.S. Sorry about the super long message, but I wanted to make sure I
wasn't missing any information that could help pinpoint the problem.

Thanks in advance,
Bijan

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
courier-users mailing list
courier-users@...
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: Problem sending mail to exchange server using starttls

by Bowie Bailey

Bijan Soleymani wrote:
> Hi,
>
> I've just switched to courier-mta from exim. I'm running Debian Lenny.
>
> Anyways I am having trouble sending messages to an exchange server.
>  

snip.

> Anyways, is there some easy way to fix this? Or is there some way to
> make courier fall back to just sending the mail without STARTTLS (if
> STARTTLS fails)?
>  

No. If the receiving server advertises encryption, Courier will use it.
It will not fall back, because there may be a reason that server wants to
use encryption.  Exchange servers seem to be the worst offenders for
advertising that they support TLS and then failing when you try to use it.

You can override this on a per-domain basis using the esmtproutes file
like this:

domain.com: /SECURITY=NONE

--
Bowie


Re: Problem sending mail to exchange server using starttls

by Joseph C. Lininger

> Anyways, is there some easy way to fix this? Or is there some way to
> make courier fall back to just sending the mail without STARTTLS (if
> STARTTLS fails)?

Microsoft Exchange does this sort of thing quite frequently. That is,
advertise that they'll support TLS, and then fail when the sending host
tries to use it. You can't get it to fall back to not using TLS, but
what you can do is disable TLS on a per-domain basis when you know it
won't work. The way you do that is to edit your smtproutes file. To
disable STARTTLS for the domain example.com, for example, you'd put this
in the file.

example.com: /SECURITY=NONE
--
Those of you who think they know everything are very annoying to those
of us who actually do.
Joseph C. Lininger, <jbahm@...>

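Both replies above recommend the same per-domain route override. The following is an added Python example, not code from the thread or from Courier, that does in code what the original post did by hand with openssl s_client: it checks whether a peer advertises STARTTLS and whether the TLS upgrade actually completes, so the cleartext /SECURITY=NONE line is written only for domains where TLS is demonstrably broken. The target host, the HELO name "probe.example" and the SAMPLE_EHLO reply (rebuilt from the EHLO output quoted in the first post) are assumptions.

```python
"""Probe an SMTP peer's STARTTLS: advertised vs. actually working (added example)."""
import smtplib
import ssl

# Constructed sample: the EHLO reply quoted in the first post, in the form
# smtplib hands back (250 codes stripped, one line per feature).
SAMPLE_EHLO = (b"XXX.com Hello [192.0.2.10]\nTURN\nSIZE 1048576000\nETRN\nPIPELINING\n"
               b"DSN\nENHANCEDSTATUSCODES\nBINARYMIME\nCHUNKING\nVRFY\nTLS\nSTARTTLS\nOK")

def parse_ehlo_caps(ehlo_msg: bytes) -> dict:
    """Map EHLO keywords to their parameter string; line 0 is the greeting, so skip it."""
    caps = {}
    for line in ehlo_msg.decode("ascii", "replace").splitlines()[1:]:
        parts = line.strip().split(None, 1)
        if parts:
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return caps

def probe_starttls(host: str, port: int = 25, helo: str = "probe.example",
                   timeout: float = 15.0) -> dict:
    """Connect, EHLO, and try to upgrade to TLS the way an outbound MTA would."""
    result = {"advertised": False, "handshake_ok": False, "error": None}
    ctx = ssl.create_default_context()
    # Diagnostic only: disable certificate checks so a self-signed cert does not
    # hide the transport-level failure (connection reset / broken pipe) seen above.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as conn:
            _, msg = conn.ehlo(helo)
            result["advertised"] = "STARTTLS" in parse_ehlo_caps(msg)
            if not result["advertised"]:
                return result
            conn.starttls(context=ctx)
            conn.ehlo(helo)  # the thread's failure surfaced on the first post-TLS command
            result["handshake_ok"] = True
            result["tls_version"] = conn.sock.version()
    except (smtplib.SMTPException, ssl.SSLError, OSError) as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result

def classify(result: dict) -> str:
    """Decide what the probe result means for the outbound route to that domain."""
    if not result["advertised"]:
        return "no-starttls"        # the peer only offers cleartext anyway
    if result["handshake_ok"]:
        return "tls-ok"             # keep Courier's default of using TLS
    return "broken-starttls"        # advertised but failing: candidate for the override

def esmtproutes_override(domain: str) -> str:
    """The per-domain esmtproutes line from the replies; mail to that domain then goes in cleartext."""
    return f"{domain}: /SECURITY=NONE"
```

Run `probe_starttls("mail.example.com")` against a live peer and feed the dict to `classify`; only a "broken-starttls" verdict justifies adding the `esmtproutes_override` line for that domain.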