2004.07.08 04:02:07 <<<< Logging Started (level is LTF_TRACE) >>>>
2004.07.08 04:02:07 al...@rateliff.net: Synch operation started (flags = 00000001)
2004.07.08 04:02:07 al...@rateliff.net: UploadItems: 1 messages to send
2004.07.08 04:02:07 SMTP (secure.rateliff.net): Begin execution
2004.07.08 04:02:07 SMTP (secure.rateliff.net): Port: 925, Secure: SSL, SPA: no
2004.07.08 04:02:07 SMTP (secure.rateliff.net): Finding host
2004.07.08 04:02:07 SMTP (secure.rateliff.net): Securing connection
2004.07.08 04:02:12 SMTP (secure.rateliff.net): Disconnected from host
2004.07.08 04:03:12 SMTP (secure.rateliff.net): End execution
2004.07.08 04:03:12 al...@rateliff.net: ReportStatus: RSF_COMPLETED, hr = 0x800ccc7d
2004.07.08 04:03:12 al...@rateliff.net: Synch operation completed
Note that the port is 925, however this fails on ports 465
and 25 as well on BOTH clients.
Considering my network structure, this might at first
glance appear to be the MTU issue with the LinkSys routers
referenced in another KBA. However, I have determined
that the problem exists behind several different routers
with varying MTU settings, on both cable and ADSL
connections. In recent testing, the computer was unable
to send when connected DIRECTLY to the Internet on the
same network as the server.
Build information on one of the problem clients:
11.5608.5703
I noticed when looking at the "About Outlook" window that
it shows a cipher strength of 128 bits. My SSL
certificate is 256 bits. I'm not familiar enough with the
inner workings of SSL encrypted email to determine if this
is a potential problem.
--
Alan W. Rateliff, II
"Alan W. Rateliff II" <li...@rateliff.net> wrote in message
news:28c0901c464c5$5c640450$a501...@phx.gbl...
Yes:
220 mx1.rateliff.net ESMTP Sendmail 8.13.0/8.13.0; Thu, 8 Jul 2004 10:44:55 -0400 (EDT); Message delivery to this system implies acceptance of policies at http://info.rateliff.net/mailpolicy.php
ehlo dsl
250-mx1.rateliff.net Hello [REMOVED], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 15728640
250-DSN
250-AUTH LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
Outside of that, I did find one post last year that a configuration change
would need to be made to Sendmail and recompile in order to support Outlook
when moving outside of port 25.
"Alan W. Rateliff II" <li...@rateliff.net> wrote in message
news:29b6101c464fa$618f2830$a301...@phx.gbl...
I have also heard that Outlook doesn't like STARTTLS on
anything but port 25. Outlook Express didn't (seem) to
have that limitation, and I don't recall running into this
problem with Outlook until fairly recently.
>Outside of that, I did find one post last year that a configuration change
>would need to be made to Sendmail and recompile in order to support Outlook
>when moving outside of port 25.
I have seen some sites which indicate that a DAEMON_OPTION
setting of M=s on port 465 (smtps) would create a daemon
which begins SSL immediately. (I've tried this to no
avail, and from the Sendmail op guide it appears that
the "s" switch simply _offers_ STARTTLS on that daemon,
versus "S" which suppresses STARTTLS.) I haven't found
anything outside of that, so I would appreciate any
information you turn up.
I'm going to wind up posting to the sendmail group as well
to see what I can turn up there. I was hoping the fix was
with Outlook, forcing it to play nice on other ports than
25 ;)
Found in comp.mail.sendmail, posted by Ken Murchison, with
Message-ID: <cmu-nntpd-14391-1063971985-0...@eagle.oceana.com>
(groups.google.com keyword search of "outlook sendmail starttls"):
** BEGIN QUOTE **
Rabellino Sergio wrote:
> FiLH wrote:
>
>> Always dealing with Outlook problems I have now the following problem
>> I have configured sendmail so that it asks for auth but only after
>> starttls has been issued. The configuration works fine with Mozilla.
>>
>> When I try with outlook express of course it does not work.
>> I have setup the account so that it does not use secure password, but
>> needs authentication, and in the advanced tab I check use SSL.
>>
>> When I look at the tcp session it seems that outlook directly starts
>> sending encrypted data.
>> Is there a point that I am missing somewhere ?
>>
>> f.g.
>>
> There are some tricks to get outlook work with SSL enabled.
>
> I've installed an MSA port on port 587, with auth only enabled. Then
> installed an SSL wrapper on port 465 that talks directly SSL, without
> STARTTLS features, like sslwrap or ssltunnel.
FYI, Sendmail can do this for you, using a feature that I added back in
8.10 (IIRC). Recompile Sendmail using -D_FFR_SMTP_SSL and then add
something like this to sendmail.mc:
DAEMON_OPTIONS(`Port=465, Name=SSA, M=Es')dnl # SSL MSA
The 's' flag tells it to start SSL immediately.
** END QUOTE **
I have done this by adding the -D_FFR_SMTP_SSL switch to
my devtools/Site/siteconfig.m4 file, which now contains:
APPENDDEF(`confENVDEF', `-DSASL -DSTARTTLS -DHASURANDOMDEV -D_FFR_SMTP_SSL')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl -lssl -lcrypto')
APPENDDEF(`conf_sendmail_INCDIRS',`-I/usr/local/ssl/include')
APPENDDEF(`conf_sendmail_LIBDIRS',`-L/usr/local/ssl/lib')
(-lsasl is there for AUTH transport)
Added this line to my sendmail.mc file:
DAEMON_OPTIONS(`port=465, Name=MTASSL, M=aEs')dnl
(a=require AUTH, E=disable ETRN, s=start SSL)
et voila! So far over a dozen test messages have gone
through without a problem. I will monitor this thread for
another couple of days. Thanks for the nudge!
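An added example, not part of the original posts: a small Python diagnostic for the mismatch this thread turns on, where a client opens with an SSL handshake while the daemon expects a plaintext EHLO followed by STARTTLS (or the reverse). The function names, mode labels and sample byte strings are constructed for illustration; only the banner and `ehlo dsl` text come from the thread.

```python
import struct

# Constructed sample first bytes (not captured traffic).
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])
SSLV2_HELLO = bytes([0x80, 0x2E, 0x01, 0x03, 0x01, 0x00, 0x15])
PLAIN_EHLO = b"ehlo dsl\r\n"
BANNER = b"220 mx1.rateliff.net ESMTP Sendmail 8.13.0/8.13.0\r\n"

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes one side sends on a new SMTP connection."""
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        # SSLv3/TLS record: type 22 (handshake), version 3.x, 2-byte length.
        (length,) = struct.unpack("!H", data[3:5])
        if 0 < length <= 16384:
            return "tls-handshake"
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-compatible ClientHello: length with high bit set, msg type 1.
        return "sslv2-client-hello"
    if data[:4].upper() in (b"EHLO", b"HELO"):
        return "plaintext-smtp-client"
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "plaintext-smtp-server"
    return "unknown"

def diagnose(daemon_mode: str, client_first: bytes) -> str:
    """daemon_mode is 'starttls' (plaintext banner first, upgrade on request)
    or 'implicit' (SSL from the first byte, as with the M=s daemon on 465)."""
    if daemon_mode not in ("starttls", "implicit"):
        raise ValueError("daemon_mode must be 'starttls' or 'implicit'")
    kind = classify_first_bytes(client_first)
    client_ssl_first = kind in ("tls-handshake", "sslv2-client-hello")
    client_plain = kind == "plaintext-smtp-client"
    if not (client_ssl_first or client_plain):
        return "unknown: client bytes are neither SMTP nor an SSL hello"
    if daemon_mode == "implicit":
        if client_ssl_first:
            return "ok"
        return "mismatch: plaintext client, daemon expects SSL immediately"
    if client_plain:
        return "ok"
    return "mismatch: client starts SSL immediately, daemon expects EHLO/STARTTLS"

if __name__ == "__main__":
    for mode in ("starttls", "implicit"):
        for name, sample in (("ssl-first", SSLV2_HELLO), ("plain", PLAIN_EHLO)):
            print(f"{mode:9} daemon, {name:9} client -> {diagnose(mode, sample)}")
```

Feed it the first payload bytes from a packet capture of the failing session to see which side is speaking the unexpected protocol.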
"Alan W. Rateliff III" <li...@rateliff.net> wrote in message
news:2a2f401c4657e$b12d7ed0$a301...@phx.gbl...
And it will confuse them even more to know that maybe 1 in
every 30 attempts the mail actually _did_ go through via
STARTTLS. That's what was happening with me, and why I
spent so much time investigating MTU and routing issues.
Does MS actually monitor these groups?
/neo
ps - above applies of course to anything not on port 25. port 25 works
perfect every time when dealing with TLS. personally i think we are dealing
with legacy code that was written to support ssmtp (port 465) and the
internal logic is, if not on port 25 do the SSL bind and that be it. FWIW,
Outlook Express also appears to be bitten by the same logic. Therefore the
problem might be deeper than just OE/Outlook, but somewhere in the core of
operating system itself.
"Alan W. Rateliff II" <li...@rateliff.net> wrote in message
news:2a0be01c465d3$d577ce80$a401...@phx.gbl...