Using STARTTLS for message delivery
I am new to hMailServer and am using hMailServer 5.6.7-B2425. I am trying to send mail to a server that is complaining "This sender must issue a STARTTLS command first".
I'm not sure what steps I missed. Any assistance would be greatly appreciated.
SMTP Setting: Here is the log:
"DEBUG" 5780 "2019-08-01 18:43:03.905" "Creating session 25"
"TCPIP" 5780 "2019-08-01 18:43:03.908" "TCP - 10.150.170.98 connected to 10.150.170.98:25."
"DEBUG" 5780 "2019-08-01 18:43:03.912" "TCP connection started for session 23"
"SMTPD" 5780 23 "2019-08-01 18:43:03.913" "10.150.170.98" "SENT: 220 smtp2.xyxcompany.com ESMTP"
"SMTPD" 5780 23 "2019-08-01 18:43:03.914" "10.150.170.98" "RECEIVED: EHLO SERVER"
"SMTPD" 5780 23 "2019-08-01 18:43:03.915" "10.150.170.98" "SENT: 250-smtp2.xyzcompany.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 5780 23 "2019-08-01 18:43:03.916" "10.150.170.98" "RECEIVED: MAIL FROM:<Support@xyzcompany.com>"
"DEBUG" 5780 "2019-08-01 18:43:03.920" "Total spam score: 0"
"SMTPD" 5780 23 "2019-08-01 18:43:03.929" "10.150.170.98" "SENT: 250 OK"
"SMTPD" 4292 23 "2019-08-01 18:43:03.930" "10.150.170.98" "RECEIVED: RCPT TO:<Jane.Publiclino@abccompany.com>"
"SMTPD" 4292 23 "2019-08-01 18:43:03.941" "10.150.170.98" "SENT: 250 OK"
"SMTPD" 14128 23 "2019-08-01 18:43:03.942" "10.150.170.98" "RECEIVED: DATA"
"SMTPD" 14128 23 "2019-08-01 18:43:03.945" "10.150.170.98" "SENT: 354 OK, send."
"DEBUG" 11544 "2019-08-01 18:43:03.948" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 9832 "2019-08-01 18:43:03.948" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 9832 "2019-08-01 18:43:03.954" "Total spam score: 0"
"DEBUG" 9832 "2019-08-01 18:43:03.955" "Saving message: {839024B2-89B2-428E-8DEF-24A2F2EE29A6}.eml"
"DEBUG" 9832 "2019-08-01 18:43:03.990" "Requesting SMTPDeliveryManager to start message delivery"
"SMTPD" 9832 23 "2019-08-01 18:43:03.991" "10.150.170.98" "SENT: 250 Queued (0.000 seconds)"
"DEBUG" 9944 "2019-08-01 18:43:04.006" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 20772 "2019-08-01 18:43:04.007" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 20772 "2019-08-01 18:43:04.013" "Delivering message..."
"APPLICATION" 20772 "2019-08-01 18:43:04.014" "SMTPDeliverer - Message 21924: Delivering message from Support@xyzcompany.com to Jane.Publiclino@abccompany.com. File: G:\Program Files (x86)\hMailServer\Data\{839024B2-89B2-428E-8DEF-24A2F2EE29A6}.eml"
"DEBUG" 20772 "2019-08-01 18:43:04.024" "Applying rules"
"DEBUG" 20772 "2019-08-01 18:43:04.028" "Performing local delivery"
"DEBUG" 20772 "2019-08-01 18:43:04.029" "Local delivery completed"
"TCPIP" 20772 "2019-08-01 18:43:04.031" "DNS MX lookup: abccompany.com"
"TCPIP" 20772 "2019-08-01 18:43:04.727" "DNS - MX Result: 8 IP addresses were found."
"DEBUG" 20772 "2019-08-01 18:43:04.728" "Starting external delivery process. Server: esa-omf-101.abccompany.com (99.99.99.99), Port: 25, Security: 2, User name: "
"DEBUG" 20772 "2019-08-01 18:43:04.729" "Creating session 26"
"TCPIP" 20772 "2019-08-01 18:43:04.730" "Connecting to 99.99.99.99:25..."
"DEBUG" 7484 "2019-08-01 18:43:04.761" "TCP connection started for session 26"
"SMTPC" 7484 26 "2019-08-01 18:43:05.005" "99.99.99.99" "RECEIVED: 220 ********************************"
"SMTPC" 7484 26 "2019-08-01 18:43:05.006" "99.99.99.99" "SENT: EHLO smtp2.xyzcompany.com"
"SMTPC" 18080 26 "2019-08-01 18:43:05.106" "99.99.99.99" "RECEIVED: 250-esa-omf-101.abccompany.com[nl]250-8BITMIME[nl]250-SIZE 41943040[nl]250 XXXXXXXA"
"SMTPC" 18080 26 "2019-08-01 18:43:05.107" "99.99.99.99" "SENT: MAIL FROM:<Support@xyzcompany.com>"
"SMTPC" 13560 26 "2019-08-01 18:43:05.218" "99.99.99.99" "RECEIVED: 530 #5.7.0 This sender must issue a STARTTLS command first"
"SMTPC" 13560 26 "2019-08-01 18:43:05.219" "99.99.99.99" "SENT: QUIT"
"SMTPC" 5780 26 "2019-08-01 18:43:05.251" "99.99.99.99" "RECEIVED: 221 esa-omf-101.abccompany.com"
"DEBUG" 5780 "2019-08-01 18:43:05.252" "Ending session 26"
"DEBUG" 20772 "2019-08-01 18:43:05.252" "External delivery process completed"
"DEBUG" 20772 "2019-08-01 18:43:05.253" "Summarizing delivery result"
"DEBUG" 20772 "2019-08-01 18:43:05.256" "AWStats::LogDeliveryFailure"
"DEBUG" 20772 "2019-08-01 18:43:05.257" "AWStats::LogDeliveryFailure"
"DEBUG" 20772 "2019-08-01 18:43:05.259" "Summarized delivery results"
"DEBUG" 20772 "2019-08-01 18:43:05.260" "SD::SubmitErrorLog_"
"DEBUG" 20772 "2019-08-01 18:43:05.268" "Saving message: {C0CD323F-843A-4C74-BF4D-58A6ECE1FDB7}.eml"
"DEBUG" 20772 "2019-08-01 18:43:05.275" "SD::~SubmitErrorLog_"
"DEBUG" 20772 "2019-08-01 18:43:05.276" "Deleting message"
"DEBUG" 20772 "2019-08-01 18:43:05.278" "Deleting message file."
"APPLICATION" 20772 "2019-08-01 18:43:05.280" "SMTPDeliverer - Message 21924: Message delivery thread completed."
Re: Using STARTTLS for message delivery
I'm pretty sure (not 100% but like 99.73%) that you need a certificate in order to use TLS of any kind. Do you have a working certificate installed?
Re: Using STARTTLS for message delivery
Thanks for the reply
I created a Self-Signed Certificate and added it.
Not sure where to select it for use.
Re: Using STARTTLS for message delivery
Settings > Advanced > TCP/IP Ports > 0.0.0.0 / 25 / SMTP > Connection Security = STARTTLS (optional) and choose your certificate from the drop down list.
Edit - some servers check certificates (most don't) so in some rare cases, you may still not be able to connect due to your self signed certificate.
LetsEncrypt is free, easy and can be completely automated. Why not give that a shot?
https://www.hmailserver.com/forum/viewt ... 21&t=32593
Re: Using STARTTLS for message delivery
Thanks for the continued assistance.
I created a 30 day certificate from COMODO Certificate Authority. (OpenSSL was used to generate the CSR).
I used https://www.sslchecker.com/matcher to verify the Private Key and Certificate matched.
I added the COMODO root and intermediate certificates to the Windows Certificate Store
I added the certificate to hMailServer and updated 0.0.0.0 / 25 / SMTP settings to use the new certificate.
I still see the "STARTTLS needs to be First" message when the hMailServer tries to deliver an email to a third-party mail server
Any additional thoughts would be appreciated.
Re: Using STARTTLS for message delivery
You don't need a certificate for outbound TLS.
Under Settings > Protocols > SMTP > Advanced, check Use STARTTLS if Available.
Under Settings > Protocols > SMTP > Delivery of email, if you are using a Relayer, set Connection security to STARTTLS (Optional) if the port is not encrypted (25 or 587).
Under Settings > Protocols > SMTP > Routes, for each Route defined, set Connection security to STARTTLS (Optional), if the port is not encrypted (25 or 587).
Re: Using STARTTLS for message delivery
There goes my 99.73% confidence level down the toilet.
Re: Using STARTTLS for message delivery
Thanks for the assistance,
Settings > Protocols > SMTP > Advanced: STARTTLS if Available has been checked
We are not using Relayer and we have no Routes.
Here are the Diagnostics
Generated by HMSSettingsDiagnostics v1.96, Hmailserver Forum.
Code: Select all
[code]2019-08-02 Hmailserver: 5.6.7-B2425
DOMAINS
"Domain1.com" - PJxxxxxxxxxxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : True !! 'Spam tests' not enabled !!
POP3: True !! Protocol DISABLED !! Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True !! Protocol DISABLED !! SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True
IP: 10.150.170.0 - 10.150.170.255 Priority: 10 Name: CyrusOne
Allow connections Other
SMTP: True Antispam : True !! 'Spam tests' not enabled !!
POP3: False Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - False
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 30 (0.50 hours, 0.02 days)
Minutes to Autoban: 60 (1.00 hours, 0.04 days)
No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 4 Mins: 60 Plain Text: False Bind: 10.150.170.98
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 100
Max Msg Size: 20480 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: False Delivered-To hdr: False
Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
!! Service Not Enabled !!
IMAP
!! Service Not Enabled !!
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: False Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: False
Add X-HmailServer-Reason: True Check MX records: False
Add X-HmailServer-Subject: False Verify DKIM: False
Spam delete threshold: 20 Maximum message size: 1024
DNSBL ENTRIES:
No 'enabled' entries
SURBL ENTRIES:
No 'enabled' entries
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS: No application configured.
Block Attachments: False
-----------------------------------------------------------------------------------------------
SSL CERTIFICATES
hMail-Self
Certificate: G:\PEmail\P-Email-Certificater.crt
Private key: G:\PEmail\serverde.key
smtp2
Certificate: G:\PEmail\COMODO\smtp2_support_com.crt
Private key: G:\PEmail\COMODO\server2048de.key
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : False
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Optional Cert: smtp2
0.0.0.0 / 110 / POP3 - None
0.0.0.0 / 143 / IMAP - None
0.0.0.0 / 587 / SMTP - None
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: True
Paths:-
Current: G:\Program Files (x86)\hMailServer\Logs\hmailserver_2019-08-02.log
Error: G:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-08-02.log
Event: G:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: G:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
APPLICATION - True
SMTP - True
POP3 - .
IMAP - .
TCPIP - True
DEBUG - True
AWSTATS - True
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MSSQL
IPv6 support is available in operating system.
Backup directory G:\RISC\hMailServer_Backup is writable.
Relative message paths are stored in the database for all messages.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: G:\Program Files (x86)\hMailServer\
Database folder:
Data folder: G:\Program Files (x86)\hMailServer\Data
Log folder: G:\Program Files (x86)\hMailServer\Logs
Temp folder: G:\Program Files (x86)\hMailServer\Temp
Event folder: G:\Program Files (x86)\hMailServer\Events
[Database]
Type= MSSQL
Username= hMailServer
PasswordEncryption=0
Port= 0
Server= riscsqlcl2
Internal= 0
-----------------------------------------------------------------------------------------------
[/code]
Re: Using STARTTLS for message delivery
Hypothesis: STARTTLS is failing the certification validation.
Try disabling Settings > Advanced > SSL/TLS > Verify remote server SSL/TLS certificate.
Re: Using STARTTLS for message delivery
Thanks for the idea,
I disabled Verify remote server SSL/TLS certificate.
We are still getting the following when delivering mail.
"RECEIVED: 530 #5.7.0 This sender must issue a STARTTLS command first"
Re: Using STARTTLS for message delivery
Send a larger portion of the log. It seems like the remote server is expecting authentication.
Re: Using STARTTLS for message delivery
I think this is everything from the log having to do with the message
Code: Select all
"DEBUG" 5188 "2019-08-02 15:28:32.910" "Creating session 9"
"TCPIP" 5188 "2019-08-02 15:28:32.912" "TCP - 10.150.170.98 connected to 10.150.170.98:25."
"DEBUG" 5188 "2019-08-02 15:28:32.913" "TCP connection started for session 7"
"SMTPD" 5188 7 "2019-08-02 15:28:32.914" "10.150.170.98" "SENT: 220 smtp2.pjmtrainingsupport.com ESMTP"
"SMTPD" 18116 7 "2019-08-02 15:28:32.915" "10.150.170.98" "RECEIVED: EHLO RIS-HOU-PROD-03"
"SMTPD" 18116 7 "2019-08-02 15:28:32.916" "10.150.170.98" "SENT: 250-smtp2.pjmtrainingsupport.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 21096 7 "2019-08-02 15:28:32.917" "10.150.170.98" "RECEIVED: MAIL FROM:<TrainingSupport@pjm.com>"
"DEBUG" 21096 "2019-08-02 15:28:32.919" "Total spam score: 0"
"SMTPD" 21096 7 "2019-08-02 15:28:32.922" "10.150.170.98" "SENT: 250 OK"
"SMTPD" 5188 7 "2019-08-02 15:28:32.923" "10.150.170.98" "RECEIVED: RCPT TO:<Artw@constellation.com>"
"SMTPD" 5188 7 "2019-08-02 15:28:32.926" "10.150.170.98" "SENT: 250 OK"
"SMTPD" 18116 7 "2019-08-02 15:28:32.927" "10.150.170.98" "RECEIVED: DATA"
"SMTPD" 18116 7 "2019-08-02 15:28:32.929" "10.150.170.98" "SENT: 354 OK, send."
"DEBUG" 5188 "2019-08-02 15:28:32.932" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 17152 "2019-08-02 15:28:32.933" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 17152 "2019-08-02 15:28:32.934" "Total spam score: 0"
"DEBUG" 17152 "2019-08-02 15:28:32.935" "Saving message: {BB4927A0-2474-47C3-A1AB-A0A217B0CD23}.eml"
"DEBUG" 17152 "2019-08-02 15:28:32.941" "Requesting SMTPDeliveryManager to start message delivery"
"SMTPD" 17152 7 "2019-08-02 15:28:32.942" "10.150.170.98" "SENT: 250 Queued (0.000 seconds)"
"DEBUG" 18880 "2019-08-02 15:28:32.952" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 22556 "2019-08-02 15:28:32.953" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 22556 "2019-08-02 15:28:32.954" "Delivering message..."
"APPLICATION" 22556 "2019-08-02 15:28:32.955" "SMTPDeliverer - Message 21936: Delivering message from TrainingSupport@pjm.com to Artw@constellation.com. File: G:\Program Files (x86)\hMailServer\Data\{BB4927A0-2474-47C3-A1AB-A0A217B0CD23}.eml"
"DEBUG" 22556 "2019-08-02 15:28:32.956" "Applying rules"
"DEBUG" 22556 "2019-08-02 15:28:32.957" "Performing local delivery"
"DEBUG" 22556 "2019-08-02 15:28:32.958" "Local delivery completed"
"TCPIP" 22556 "2019-08-02 15:28:32.960" "DNS MX lookup: constellation.com"
"TCPIP" 22556 "2019-08-02 15:28:33.618" "DNS - MX Result: 8 IP addresses were found."
"DEBUG" 22556 "2019-08-02 15:28:33.619" "Starting external delivery process. Server: esa-omf-101.exeloncorp.com (216.99.189.20), Port: 25, Security: 2, User name: "
"DEBUG" 22556 "2019-08-02 15:28:33.620" "Creating session 10"
"TCPIP" 22556 "2019-08-02 15:28:33.621" "Connecting to 216.99.189.20:25..."
"DEBUG" 19520 "2019-08-02 15:28:33.652" "TCP connection started for session 10"
"SMTPC" 19520 10 "2019-08-02 15:28:33.758" "216.99.189.20" "RECEIVED: 220 ********************************"
"SMTPC" 19520 10 "2019-08-02 15:28:33.759" "216.99.189.20" "SENT: EHLO smtp2.pjmtrainingsupport.com"
"SMTPC" 22332 10 "2019-08-02 15:28:33.862" "216.99.189.20" "RECEIVED: 250-esa-omf-101.exeloncorp.com[nl]250-8BITMIME[nl]250-SIZE 41943040[nl]250 XXXXXXXA"
"SMTPC" 22332 10 "2019-08-02 15:28:33.863" "216.99.189.20" "SENT: MAIL FROM:<TrainingSupport@pjm.com>"
"SMTPC" 2200 10 "2019-08-02 15:28:33.895" "216.99.189.20" "RECEIVED: 530 #5.7.0 This sender must issue a STARTTLS command first"
"SMTPC" 2200 10 "2019-08-02 15:28:33.896" "216.99.189.20" "SENT: QUIT"
"SMTPC" 5188 10 "2019-08-02 15:28:33.926" "216.99.189.20" "RECEIVED: 221 esa-omf-101.exeloncorp.com"
"DEBUG" 5188 "2019-08-02 15:28:33.927" "Ending session 10"
"DEBUG" 22556 "2019-08-02 15:28:33.928" "External delivery process completed"
"DEBUG" 22556 "2019-08-02 15:28:33.929" "Summarizing delivery result"
"DEBUG" 22556 "2019-08-02 15:28:33.931" "AWStats::LogDeliveryFailure"
"DEBUG" 22556 "2019-08-02 15:28:33.932" "AWStats::LogDeliveryFailure"
"DEBUG" 22556 "2019-08-02 15:28:33.934" "Summarized delivery results"
"DEBUG" 22556 "2019-08-02 15:28:33.935" "SD::SubmitErrorLog_"
"DEBUG" 22556 "2019-08-02 15:28:33.939" "Saving message: {A52F3CF3-7484-4914-9676-2870553E746A}.eml"
"DEBUG" 22556 "2019-08-02 15:28:33.945" "SD::~SubmitErrorLog_"
"DEBUG" 22556 "2019-08-02 15:28:33.946" "Deleting message"
"DEBUG" 22556 "2019-08-02 15:28:33.948" "Deleting message file."
"APPLICATION" 22556 "2019-08-02 15:28:33.949" "SMTPDeliverer - Message 21936: Message delivery thread completed."
Re: Using STARTTLS for message delivery
Code: Select all
"SMTPC" 22332 10 "2019-08-02 15:28:33.862" "216.99.189.20" "RECEIVED: 250-esa-omf-101.exeloncorp.com[nl]250-8BITMIME[nl]250-SIZE 41943040[nl]250 XXXXXXXA"
Re: Using STARTTLS for message delivery
Code: Select all
220 esa-omf-101.exeloncorp.com ESMTP
EHLO xxx
250-esa-omf-101.exeloncorp.com
250-8BITMIME
250-SIZE 20971520
250 STARTTLS
Re: Using STARTTLS for message delivery
I'm guessing that the sender domain is actually hosted on that SMTP server, and that the FROM is seen as a local address on that machine, and the end server requires SSL/TLS for AUTH
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
Re: Using STARTTLS for message delivery
Thanks for the continued assistance.
I asked support for the receiving mail server for their thoughts on the missing STARTTLS and RFC 3207.
Not sure I completely understand how to test the situation in mattg's Domain comment. The sender domain is different from the mail server domain, but I'll explore this.
Any other thoughts would be appreciated.
Re: Using STARTTLS for message delivery
This IS a misconfiguration
Either the receiving server is broken
OR
You are using a domain on your server that you don't necessarily have rights to, and the recipient server is ALSO hosting the same domain
Re: Using STARTTLS for message delivery
I wonder if the remote server has been configured to require secure connections, but a certificate has not been properly configured or has expired and the server was restarted, resulting in a mismatch between the EHLO verb response and the MAIL verb response.
Re: Using STARTTLS for message delivery
MXToolbox suggests that all is well with the remote server
I own the domain that the local server is in and have created the appropriate SPF record.
The local server sends emails to 100's of other domains, however the remote server we are having issues with might be the only server that requires STARTTLS. In fact I see no instances in the logs where STARTTLS was found from any of the 100's of email servers that we interface with.
The sending server has no accounts and exists for accepting emails generated by a set of local applications and forwarding them to remote email servers.
Re: Using STARTTLS for message delivery
Anyone with a server that requires STARTTLS interested in receiving a test note?
Re: Using STARTTLS for message delivery
I think you really need to focus on the discrepancy between what hMailServer is seeing as the EHLO response versus what mxtoolbox.com is reporting.
If you issue a telnet command from the hMailServer host to the remote host esa-omf-101.exeloncorp.com on port 25, and issue the EHLO verb, do you see STARTTLS in the response?
Re: Using STARTTLS for message delivery
Some anti-virus software may block email over secure connections because these emails are harder to scan. So it is conceivable that such an implementation might replace the STARTTLS keyword in the EHLO with something else, like the XXXXXXXA you are seeing.
Also could be this bug: https://www.cisco.com/c/en/us/support/d ... sa-00.html
Re: Using STARTTLS for message delivery
I've sent you a private message VinceO
I agree with mikedibella though
When I test that server, I get a StartTLS response.
I think you have Antivirus or an EDGE device that 'inspects' mail that gets in the way...
Re: Using STARTTLS for message delivery
Thanks for your assistance.
The firewall had ESMTP inspection enabled and TLS was not allowed.
Since we only have outgoing mail, we decided to disable ESMTP inspection.
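The pattern this thread ends up diagnosing (a 220 banner replaced by asterisks, an X-filled keyword where STARTTLS should be, then a 530 on MAIL FROM) can be searched for in hMailServer's own log. The following is an added example, not part of the original post and not hMailServer code; the verdict names and the X-filler heuristic are assumptions, the first sample session is taken from the log posted above and the second is constructed.

```python
import re

# hMailServer outbound (SMTPC) log line: type, thread, session, time, remote IP, text.
LINE_RE = re.compile(r'^"SMTPC"\s+\d+\s+(\d+)\s+"[^"]*"\s+"([^"]*)"\s+"(.*)"\s*$')


def is_masked_keyword(word):
    """Assumed heuristic: an extension keyword overwritten with X filler (XXXXXXXA)."""
    return len(word) >= 4 and word.count("X") >= len(word) - 1


def parse_sessions(log_text):
    """Rebuild each outbound SMTP dialogue and record the STARTTLS-relevant facts."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # SMTPD, DEBUG, TCPIP lines are not part of the outbound dialogue
        session_id, remote_ip, text = m.groups()
        s = sessions.setdefault((session_id, remote_ip), {
            "banner_masked": False, "capabilities": [], "masked": [],
            "starttls_offered": False, "starttls_sent": False,
            "rejected_530": False, "awaiting_ehlo_reply": False,
        })
        direction, _, payload = text.partition(": ")
        if direction == "SENT":
            verb = payload.split(" ", 1)[0].upper()
            s["awaiting_ehlo_reply"] = verb == "EHLO"
            s["starttls_sent"] = s["starttls_sent"] or verb == "STARTTLS"
        elif direction == "RECEIVED":
            if payload.startswith("220 ") and set(payload[4:].strip()) == {"*"}:
                s["banner_masked"] = True  # greeting replaced by asterisks
            elif s["awaiting_ehlo_reply"] and payload.startswith("250"):
                # Multi-line replies are logged joined with [nl]; line 1 is the greeting.
                lines = [part[4:].strip() for part in payload.split("[nl]")]
                caps = [ln.split(" ", 1)[0].upper() for ln in lines[1:] if ln]
                if not s["capabilities"]:
                    s["capabilities"] = caps  # keep the pre-TLS view
                s["masked"] += [c for c in caps if is_masked_keyword(c)]
                s["starttls_offered"] = s["starttls_offered"] or "STARTTLS" in caps
            elif payload.startswith("530") and "STARTTLS" in payload.upper():
                s["rejected_530"] = True
            s["awaiting_ehlo_reply"] = False
    return sessions


def classify(s):
    """Map the recorded facts to a verdict (verdict strings are this example's own)."""
    if not s["rejected_530"]:
        return "ok"
    if s["starttls_offered"]:
        return "rejected-after-starttls" if s["starttls_sent"] else "client-skipped-starttls"
    if s["banner_masked"] or s["masked"]:
        return "starttls-stripped-in-path"  # something between client and server rewrote EHLO
    return "starttls-required-not-advertised"


def analyze(log_text):
    return {key: classify(s) for key, s in parse_sessions(log_text).items()}


# Session 26 is from the log in this thread; session 31 is constructed for contrast.
SAMPLE_LOG = r'''
"SMTPC" 7484 26 "2019-08-01 18:43:05.005" "99.99.99.99" "RECEIVED: 220 ********************************"
"SMTPC" 7484 26 "2019-08-01 18:43:05.006" "99.99.99.99" "SENT: EHLO smtp2.xyzcompany.com"
"SMTPC" 18080 26 "2019-08-01 18:43:05.106" "99.99.99.99" "RECEIVED: 250-esa-omf-101.abccompany.com[nl]250-8BITMIME[nl]250-SIZE 41943040[nl]250 XXXXXXXA"
"SMTPC" 18080 26 "2019-08-01 18:43:05.107" "99.99.99.99" "SENT: MAIL FROM:<Support@xyzcompany.com>"
"SMTPC" 13560 26 "2019-08-01 18:43:05.218" "99.99.99.99" "RECEIVED: 530 #5.7.0 This sender must issue a STARTTLS command first"
"SMTPC" 13560 26 "2019-08-01 18:43:05.219" "99.99.99.99" "SENT: QUIT"
"DEBUG" 5780 "2019-08-01 18:43:05.252" "Ending session 26"
"SMTPC" 7001 31 "2019-08-01 18:50:00.000" "192.0.2.10" "RECEIVED: 220 mx.example.net ESMTP"
"SMTPC" 7001 31 "2019-08-01 18:50:00.010" "192.0.2.10" "SENT: EHLO smtp2.xyzcompany.com"
"SMTPC" 7001 31 "2019-08-01 18:50:00.020" "192.0.2.10" "RECEIVED: 250-mx.example.net[nl]250-STARTTLS[nl]250 8BITMIME"
"SMTPC" 7001 31 "2019-08-01 18:50:00.030" "192.0.2.10" "SENT: STARTTLS"
"SMTPC" 7001 31 "2019-08-01 18:50:00.040" "192.0.2.10" "RECEIVED: 220 Ready to start TLS"
"SMTPC" 7001 31 "2019-08-01 18:50:00.090" "192.0.2.10" "SENT: EHLO smtp2.xyzcompany.com"
"SMTPC" 7001 31 "2019-08-01 18:50:00.100" "192.0.2.10" "RECEIVED: 250-mx.example.net[nl]250 8BITMIME"
"SMTPC" 7001 31 "2019-08-01 18:50:00.110" "192.0.2.10" "SENT: MAIL FROM:<Support@xyzcompany.com>"
"SMTPC" 7001 31 "2019-08-01 18:50:00.120" "192.0.2.10" "RECEIVED: 250 OK"
'''

if __name__ == "__main__":
    for (session_id, remote_ip), verdict in analyze(SAMPLE_LOG).items():
        print(f"session {session_id} -> {remote_ip}: {verdict}")
```

A "starttls-stripped-in-path" verdict for a host that advertises STARTTLS when tested from elsewhere points at a device on the sending side's network path, which is where the firewall's ESMTP inspection sat in this thread.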
Re: Using STARTTLS for message delivery
you need to set TCP/IP ports 25: STARTTLS REQUIRED!
Re: Using STARTTLS for message delivery
Uh, unless you won't like to receive mail you never do that!
Optional is the way to go for port 25
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup