Re: SMTP using TCP port 587 /w SSL

From: S.Y. Paul Lai (syplai_at_hotmail.com)
Date: 08/01/04


Date: Sun, 1 Aug 2004 23:25:18 +0800

I finally found the facts behind the problem by web search (they're hard to
find):

http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/doc/intro.html
The following MUAs are known to work with RFC2487:
Netscape >= 4.5 supports STARTTLS and client certificates.
Outlook (Express) >= 5 supports STARTTLS (only on port 25) and traditional
SSL-Wrapping style (on all other ports). No support for client certificates.
Eudora >= 5.1 supports STARTTLS. Client certificate status unknown.

http://www.winnetmag.com/MicrosoftExchangeOutlook/Article/ArticleID/6017/6017.html
One solution is to point your SSL SMTP clients at an SSL-capable SMTP server
(e.g., Netscape's mail server), or you can deploy Outlook 2000 and Outlook
Express 5.0, both of which can speak TLS on port 25.

--
In conclusion, Exchange supports RFC2487 standard TLS, but Outlook Express
only supports it on port 25.  I think Microsoft should add a KB document on
the support site to explain that.  Nowadays, many ISPs are blocking SMTP port
25, so we need another secure port to submit our email to an IIS server or
Exchange server.
S.Y.P. Lai
MCSE+Internet NT4
MCSE+Security Win2K
MCSE+Messaging Win2k3
"S.Y. Paul Lai" <syplai@hotmail.com>
news:Ou%23NMJ9dEHA.3476@tk2msftngp13.phx.gbl
> Thank you for your test.  However, I can set up OE6 to use SSL on a different
> port, too, but when I send a mail, it always returns something like this:
>
> Your server has unexpectedly terminated the connection.  Possible causes for
> this include server problems, network problems, or a long period of
> inactivity.  Account: 'my account', Server: 'myserver.mydomain.com',
> Protocol: SMTP, Port: 465, Secure(SSL): Yes, Error Number: 0x800CCC0F
>
> Using the same clients to connect to the same server, when I don't require
> SSL in server and don't set SSL on clients, they can use port 465.  When I
> require SSL in server /w port 25 and the clients are using port 25, they
> work well.  The problem only exists when I use SSL on other ports like 465
> or 587.  I have obtained the same result using OE6 on 3 different computers,
> one of them is the exchange server itself.
>
> To temporarily solve the problem, I set up a single virtual server using the
> TCP 25 port.  It allows either anonymous non-SSL connection or
> Basic-Authentication TLS connection.  Anonymous access and basic
> authentication requiring TLS is checked, NT authentication is disabled as it
> doesn't require encryption.  Web server certificate is installed on the
> virtual server but security channel is not required.  Relay is only allowed
> for authenticated users.  The result: incoming and outgoing SMTP messages
> can route through the virtual server without authentication, but public
> relay is not allowed; client submission must be authenticated/encrypted
> using TLS and can be relayed out of the organization.
>
> I read something from http://support.microsoft.com that said that the SMTP SSL
> protocol supported by Outlook 97/98 is not compatible with the TLS
> encryption supported by Exchange 5.5 (KB218430).  In the document, it says
> OE5 and Outlook 2000 would support TLS over port 25, well, port 25 only.
>
> I don't know whether my problem is related to the same problem mentioned in
> KB218430.  However, OE6 is a very common email client.  It should support
> the common SMTP SSL setup using port 465 or 587.  I hope Microsoft will fix
> that.
>
>
> -- 
>
> S.Y.P. Lai
> MCSE+Internet NT4
> MCSE+Security Win2K
> MCSE+Messaging Win2k3
-- 
S.Y.P. Lai
MCSE+Internet NT4
MCSE+Security Win2K
MCSE+Messaging Win2k3
"S.Y. Paul Lai" <sylai8@hotmail.com> wrote in message
news:%23S5LtX2dEHA.2520@TK2MSFTNGP12.phx.gbl...
> Anyone know the real solution to the disconnection problem while using SSL
> other than the standard TCP 25 port in Outlook Express?
>
> I've tested it.  Using SSL on TCP port 25 works well!  TCP ports other than
> 25 without using SSL work well, too.  The problem only exists when you use
> SSL on a port other than TCP port 25, which is the most common setting when
> you use TCP port 587 or port 465.
>
> I know what a firewall is, and I know how antivirus programs intercept
> incoming and outgoing emails.  I have none of them on the test computer,
> which is also the exchange server.
>
> Thank you in advance for any reply.
>
> ------------------------------
> S.Y.P. Lai
> MCSE+I NT4
> MCSE+Security 2000
> MCSE+Messaging 2003
>
>
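
Added example, not part of the original thread: a small Python probe that reports whether an SMTP port speaks STARTTLS (RFC 2487, banner first, then upgrade) or SSL-wrapping (TLS handshake first), which is the mismatch described above between Exchange and Outlook Express on ports other than 25. The function names and the EHLO name `probe.example` are assumptions made for this example; the probe sends no credentials and no mail.

```python
"""Added example: tell STARTTLS (RFC 2487) apart from SSL-wrapped SMTP on a port."""
import socket
import ssl
import sys


def _read_reply(sock):
    """Read one complete (possibly multi-line) SMTP reply and return it as text."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return data.decode("ascii", "replace")
        data += chunk
        lines = data.split(b"\r\n")
        # The last line of a reply has a space, not a hyphen, after the code.
        if data.endswith(b"\r\n") and len(lines) >= 2 and lines[-2][3:4] != b"-":
            return data.decode("ascii", "replace")


def probe_smtp_tls(host, port, timeout=5.0):
    """Return 'starttls', 'plaintext-only', 'implicit-tls' or 'unknown'."""
    # 1) Plain TCP: a STARTTLS-style server speaks first with a 220 banner.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if _read_reply(s).startswith("220"):
                s.sendall(b"EHLO probe.example\r\n")  # hypothetical client name
                ehlo = _read_reply(s).upper().splitlines()
                offered = any(line[4:].strip() == "STARTTLS" for line in ehlo)
                return "starttls" if offered else "plaintext-only"
    except OSError:
        pass  # silent or closed: an SSL-wrapped port waits for a ClientHello
    # 2) SSL-wrapping: handshake first, the 220 banner arrives inside the tunnel.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the probe only classifies the port;
    ctx.verify_mode = ssl.CERT_NONE  # it does not judge the certificate
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                if _read_reply(tls).startswith("220"):
                    return "implicit-tls"
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        pass
    return "unknown"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py HOST PORT")
    print(probe_smtp_tls(sys.argv[1], int(sys.argv[2])))
```

A result of `starttls` on 465 or 587 combined with a client that only does SSL-wrapping on those ports matches the dropped connection reported in the thread.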

