smarthosting with qmail and TLS doesn't work




We have an Exchange Server 2003 on an SBS 2003 that is supposed to relay
outgoing mail to another mail server (Debian 4.0, QMail). QMail is configured
to require username and password to prevent open relay functionality and TLS
to defend against sniffing the credentials.

We set up an SMTP-Connector, typed in the address of the smarthost, supplied
the Outgoing Security tab with username and password and checked the
TLS-Encryption box.

Unfortunately relaying doesn't work. Even worse, Exchange is not complaining
about it in Exchange System Manager (e.g. if you check TLS and the smarthost
doesn't support TLS, you get a message in the waiting queue saying something
like "TLS is not supported").

Of course you get a delivery failure notification saying "#5.5.0 smtp;553
sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)", which
comes from QMail. In our opinion this can only be the case if the sender of
the mail did not authenticate correctly.

The logs from Exchange and QMail are similar. We then captured TCP traffic on
port 25 when trying to relay an e-mail:

6 15.406250 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 220 qmail.foo.com ESMTP, 31 bytes
7 15.625000 192.168.67.2 78.46.39.75 TCP TCP: Flags=....A..., SrcPort=40793, DstPort=SMTP(25), Len=0, Seq=2842258295, Ack=3101341142, Win=65504 (scale factor not found)
8 15.687500 192.168.67.2 78.46.39.75 SMTP SMTP: Cmd EHLO mail.bar.local, 38 bytes
9 15.718750 78.46.39.75 192.168.67.2 TCP TCP: Flags=....A..., SrcPort=SMTP(25), DstPort=40793, Len=0, Seq=3101341142, Ack=2842258333, Win=5840 (scale factor not found)
10 15.718750 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 250 -qmail.foo.com, 81 bytes
11 15.718750 192.168.67.2 78.46.39.75 SMTP SMTP: Cmd MAIL FROM:<test-mailer@xxxxxxx>, 42 bytes
12 15.765625 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 250 ok, 8 bytes
13 15.765625 192.168.67.2 78.46.39.75 SMTP SMTP: Cmd RCPT TO:<test-mailer@xxxxxx>, 30 bytes
14 15.812500 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1), 71 bytes
15 15.812500 192.168.67.2 78.46.39.75 SMTP SMTP: Cmd RSET, Resets mail connection
16 15.843750 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 250 flushed, 13 bytes
17 16.062500 192.168.67.2 78.46.39.75 TCP TCP: Flags=....A..., SrcPort=40793, DstPort=SMTP(25), Len=0, Seq=2842258411, Ack=3101341315, Win=65331 (scale factor not found)
18 16.062500 192.168.67.2 78.46.39.75 SMTP SMTP: Cmd QUIT, Terminates the mail session
19 16.093750 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 221 qmail.foo.com, 25 bytes

We tested sending an e-mail via telnet to qmail, which worked out fine.
After Cmd EHLO the next thing we had to do was Cmd STARTTLS. Then you type in
the (encrypted) credentials and everything works fine. Looking at the capture
from Exchange, there is no STARTTLS...

Does anybody have an idea?
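Added example, not part of the original post: a small Python check that walks an SMTP session written in the capture's "Cmd"/"Rsp" notation and reports which of the steps the smarthost requires (STARTTLS, then AUTH) the client issued before MAIL FROM, together with the server's reply to RCPT TO. The Exchange transcript is the post's own capture reduced to its SMTP packets; the telnet transcript is constructed to match the manual test described above. On a real packet capture only the STARTTLS check is meaningful, since everything after a successful STARTTLS is encrypted; the AUTH check needs an endpoint-side log such as the telnet session.

```python
import re

# The post's own capture, reduced to its SMTP packets (TCP ACKs left out).
EXCHANGE_SESSION = """\
6 15.406250 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 220 qmail.foo.com ESMTP, 31 bytes
8 15.687500 192.168.67.2 78.46.39.75 SMTP SMTP: Cmd EHLO mail.bar.local, 38 bytes
10 15.718750 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 250 -qmail.foo.com, 81 bytes
11 15.718750 192.168.67.2 78.46.39.75 SMTP SMTP: Cmd MAIL FROM:<test-mailer@xxxxxxx>, 42 bytes
12 15.765625 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 250 ok, 8 bytes
13 15.765625 192.168.67.2 78.46.39.75 SMTP SMTP: Cmd RCPT TO:<test-mailer@xxxxxx>, 30 bytes
14 15.812500 78.46.39.75 192.168.67.2 SMTP SMTP: Rsp 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1), 71 bytes
"""

# Constructed transcript of the manual telnet test described in the post,
# written in the same notation (only the SMTP part of each line is needed).
TELNET_SESSION = """\
SMTP: Cmd EHLO mail.bar.local
SMTP: Rsp 250 -qmail.foo.com
SMTP: Cmd STARTTLS
SMTP: Rsp 220 ready for tls
SMTP: Cmd EHLO mail.bar.local
SMTP: Rsp 250 -qmail.foo.com
SMTP: Cmd AUTH LOGIN
SMTP: Rsp 235 ok, go ahead (#2.0.0)
SMTP: Cmd MAIL FROM:<test-mailer@xxxxxxx>
SMTP: Rsp 250 ok
SMTP: Cmd RCPT TO:<test-mailer@xxxxxx>
SMTP: Rsp 250 ok
"""

LINE_RE = re.compile(r"SMTP: (Cmd|Rsp) (\w+)")  # verb of a command / code of a reply

def audit_relay_session(transcript):
    """Report the client commands sent before MAIL FROM, which of STARTTLS/AUTH
    are missing from them, and the status code the server gave to RCPT TO."""
    cmds, pending, rcpt_status = [], None, None
    for line in transcript.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        kind, word = m.groups()
        if kind == "Cmd":
            pending = word.upper()
            cmds.append(pending)
        elif pending == "RCPT":
            rcpt_status = int(word)  # the smarthost's verdict on the relay attempt
    before_mail = cmds[:cmds.index("MAIL")] if "MAIL" in cmds else cmds
    missing = [s for s in ("STARTTLS", "AUTH") if s not in before_mail]
    return {"before_mail": before_mail, "missing": missing, "rcpt_status": rcpt_status}
```

Run against the Exchange capture the check reports both STARTTLS and AUTH missing before MAIL FROM and a 553 to RCPT TO, which is exactly the unauthenticated-relay rejection the NDR quotes.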



