Using STARTTLS for message delivery

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Using STARTTLS for message delivery

Post by VinceO » 2019-08-02 15:40

I am new to hMailServer and am using hMailServer 5.6.7-B2425. I am trying to send mail to a server that is complaining "This sender must issue a STARTTLS command first".

I'm not sure what steps I missed. Any assistance would be greatly appreciated.

SMTP Setting:
(attachment: SMTP.png, screenshot of the SMTP settings)
Here is the log:
"DEBUG" 5780 "2019-08-01 18:43:03.905" "Creating session 25"
"TCPIP" 5780 "2019-08-01 18:43:03.908" "TCP - 10.150.170.98 connected to 10.150.170.98:25."
"DEBUG" 5780 "2019-08-01 18:43:03.912" "TCP connection started for session 23"
"SMTPD" 5780 23 "2019-08-01 18:43:03.913" "10.150.170.98" "SENT: 220 smtp2.xyxcompany.com ESMTP"
"SMTPD" 5780 23 "2019-08-01 18:43:03.914" "10.150.170.98" "RECEIVED: EHLO SERVER"
"SMTPD" 5780 23 "2019-08-01 18:43:03.915" "10.150.170.98" "SENT: 250-smtp2.xyzcompany.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 5780 23 "2019-08-01 18:43:03.916" "10.150.170.98" "RECEIVED: MAIL FROM:<Support@xyzcompany.com>"
"DEBUG" 5780 "2019-08-01 18:43:03.920" "Total spam score: 0"
"SMTPD" 5780 23 "2019-08-01 18:43:03.929" "10.150.170.98" "SENT: 250 OK"
"SMTPD" 4292 23 "2019-08-01 18:43:03.930" "10.150.170.98" "RECEIVED: RCPT TO:<Jane.Publiclino@abccompany.com>"
"SMTPD" 4292 23 "2019-08-01 18:43:03.941" "10.150.170.98" "SENT: 250 OK"
"SMTPD" 14128 23 "2019-08-01 18:43:03.942" "10.150.170.98" "RECEIVED: DATA"
"SMTPD" 14128 23 "2019-08-01 18:43:03.945" "10.150.170.98" "SENT: 354 OK, send."
"DEBUG" 11544 "2019-08-01 18:43:03.948" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 9832 "2019-08-01 18:43:03.948" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 9832 "2019-08-01 18:43:03.954" "Total spam score: 0"
"DEBUG" 9832 "2019-08-01 18:43:03.955" "Saving message: {839024B2-89B2-428E-8DEF-24A2F2EE29A6}.eml"
"DEBUG" 9832 "2019-08-01 18:43:03.990" "Requesting SMTPDeliveryManager to start message delivery"
"SMTPD" 9832 23 "2019-08-01 18:43:03.991" "10.150.170.98" "SENT: 250 Queued (0.000 seconds)"
"DEBUG" 9944 "2019-08-01 18:43:04.006" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 20772 "2019-08-01 18:43:04.007" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 20772 "2019-08-01 18:43:04.013" "Delivering message..."
"APPLICATION" 20772 "2019-08-01 18:43:04.014" "SMTPDeliverer - Message 21924: Delivering message from Support@xyzcompany.com to Jane.Publiclino@abccompany.com. File: G:\Program Files (x86)\hMailServer\Data\{839024B2-89B2-428E-8DEF-24A2F2EE29A6}.eml"
"DEBUG" 20772 "2019-08-01 18:43:04.024" "Applying rules"
"DEBUG" 20772 "2019-08-01 18:43:04.028" "Performing local delivery"
"DEBUG" 20772 "2019-08-01 18:43:04.029" "Local delivery completed"
"TCPIP" 20772 "2019-08-01 18:43:04.031" "DNS MX lookup: abccompany.com"
"TCPIP" 20772 "2019-08-01 18:43:04.727" "DNS - MX Result: 8 IP addresses were found."
"DEBUG" 20772 "2019-08-01 18:43:04.728" "Starting external delivery process. Server: esa-omf-101.abccompany.com (99.99.99.99), Port: 25, Security: 2, User name: "
"DEBUG" 20772 "2019-08-01 18:43:04.729" "Creating session 26"
"TCPIP" 20772 "2019-08-01 18:43:04.730" "Connecting to 99.99.99.99:25..."
"DEBUG" 7484 "2019-08-01 18:43:04.761" "TCP connection started for session 26"
"SMTPC" 7484 26 "2019-08-01 18:43:05.005" "99.99.99.99" "RECEIVED: 220 ********************************"
"SMTPC" 7484 26 "2019-08-01 18:43:05.006" "99.99.99.99" "SENT: EHLO smtp2.xyzcompany.com"
"SMTPC" 18080 26 "2019-08-01 18:43:05.106" "99.99.99.99" "RECEIVED: 250-esa-omf-101.abccompany.com[nl]250-8BITMIME[nl]250-SIZE 41943040[nl]250 XXXXXXXA"
"SMTPC" 18080 26 "2019-08-01 18:43:05.107" "99.99.99.99" "SENT: MAIL FROM:<Support@xyzcompany.com>"
"SMTPC" 13560 26 "2019-08-01 18:43:05.218" "99.99.99.99" "RECEIVED: 530 #5.7.0 This sender must issue a STARTTLS command first"
"SMTPC" 13560 26 "2019-08-01 18:43:05.219" "99.99.99.99" "SENT: QUIT"
"SMTPC" 5780 26 "2019-08-01 18:43:05.251" "99.99.99.99" "RECEIVED: 221 esa-omf-101.abccompany.com"
"DEBUG" 5780 "2019-08-01 18:43:05.252" "Ending session 26"
"DEBUG" 20772 "2019-08-01 18:43:05.252" "External delivery process completed"
"DEBUG" 20772 "2019-08-01 18:43:05.253" "Summarizing delivery result"
"DEBUG" 20772 "2019-08-01 18:43:05.256" "AWStats::LogDeliveryFailure"
"DEBUG" 20772 "2019-08-01 18:43:05.257" "AWStats::LogDeliveryFailure"
"DEBUG" 20772 "2019-08-01 18:43:05.259" "Summarized delivery results"
"DEBUG" 20772 "2019-08-01 18:43:05.260" "SD::SubmitErrorLog_"
"DEBUG" 20772 "2019-08-01 18:43:05.268" "Saving message: {C0CD323F-843A-4C74-BF4D-58A6ECE1FDB7}.eml"
"DEBUG" 20772 "2019-08-01 18:43:05.275" "SD::~SubmitErrorLog_"
"DEBUG" 20772 "2019-08-01 18:43:05.276" "Deleting message"
"DEBUG" 20772 "2019-08-01 18:43:05.278" "Deleting message file."
"APPLICATION" 20772 "2019-08-01 18:43:05.280" "SMTPDeliverer - Message 21924: Message delivery thread completed."

palinka
Senior user
Posts: 1275
Joined: 2017-09-12 17:57

Re: Using STARTTLS for message delivery

Post by palinka » 2019-08-02 15:51

I'm pretty sure (not 100% but like 99.73%) that you need a certificate in order to use TLS of any kind. Do you have a working certificate installed?

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Re: Using STARTTLS for message delivery

Post by VinceO » 2019-08-02 16:04

Thanks for the reply

I created a Self-Signed Certificate and added it.
(attachment: Cert.png, screenshot of the certificate settings)
Not sure where to select it for use.

palinka
Senior user
Posts: 1275
Joined: 2017-09-12 17:57

Re: Using STARTTLS for message delivery

Post by palinka » 2019-08-02 16:11

VinceO wrote (2019-08-02 16:04):
    Thanks for the reply
    I created a Self-Signed Certificate and added it.
    Not sure where to select it for use.
Settings > Advanced > TCP/IP Ports > 0.0.0.0 / 25 / SMTP > Connection Security = STARTTLS (optional) and choose your certificate from the drop down list.

Edit - some servers check certificates (most don't), so in some rare cases you may still not be able to connect due to your self-signed certificate.

LetsEncrypt is free, easy and can be completely automated. Why not give that a shot?

https://www.hmailserver.com/forum/viewt ... 21&t=32593

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Re: Using STARTTLS for message delivery

Post by VinceO » 2019-08-02 17:57

Thanks for the continued assistance.

I created a 30 day certificate from COMODO Certificate Authority. (OpenSSL was used to generate the CSR).

I used https://www.sslchecker.com/matcher to verify the Private Key and Certificate matched.

I added the COMODO root and intermediate certificates to the Windows Certificate Store.

I added the certificate to hMailServer and updated 0.0.0.0 / 25 / SMTP settings to use the new certificate.

I still see the "STARTTLS needs to be First" message when the hMailServer tries to deliver an email to a third-party mail server.

Any additional thoughts would be appreciated.

mikedibella
Normal user
Posts: 181
Joined: 2016-12-08 02:21

Re: Using STARTTLS for message delivery

Post by mikedibella » 2019-08-02 18:18

You don't need a certificate for outbound TLS.

Under Settings > Protocols > SMTP > Advanced, check Use STARTTLS if Available.

Under Settings > Protocols > SMTP > Delivery of email, if you are using a Relayer, set Connection security to STARTTLS (Optional) if the port is not encrypted (25 or 587).

Under Settings > Protocols > SMTP > Routes, for each Route defined, set Connection security to STARTTLS (Optional), if the port is not encrypted (25 or 587).

palinka
Senior user
Posts: 1275
Joined: 2017-09-12 17:57

Re: Using STARTTLS for message delivery

Post by palinka » 2019-08-02 18:25

There goes my 99.73% confidence level down the toilet. :mrgreen:

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Re: Using STARTTLS for message delivery

Post by VinceO » 2019-08-02 18:37

Thanks for the assistance,

Settings > Protocols > SMTP > Advanced: STARTTLS if Available has been checked

We are not using Relayer and we have no Routes.

Here are the Diagnostics:

Code:

2019-08-02   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - PJxxxxxxxxxxxxxxxx.com         Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True !! 'Spam tests' not enabled !!
     POP3:   True !! Protocol DISABLED !!      Antivirus:   True !! ANTIVIRUS NOT CONFIGURED !!
     IMAP:   True !! Protocol DISABLED !!      SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    - False
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


IP: 10.150.170.0 - 10.150.170.255     Priority: 10     Name: CyrusOne

  Allow connections                         Other
     SMTP:   True                              Antispam :   True !! 'Spam tests' not enabled !!
     POP3:  False                              Antivirus:   True !! ANTIVIRUS NOT CONFIGURED !!
     IMAP:  False                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    - False
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External - False


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      3
                              Minutes Before Reset:           30  (0.50 hours, 0.02 days)
                              Minutes to Autoban:             60  (1.00 hours, 0.04 days)

No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:        False  Bind: 10.150.170.98
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:  False  Delivered-To hdr: False
                                                                         Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
 !! Service Not Enabled !!

IMAP
 !! Service Not Enabled !!
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:           False        Use Spamassassin:   False
  Add X-HmailServer-Spam:     True    Check HELO host:   False    
  Add X-HmailServer-Reason:   True    Check MX records:  False    
  Add X-HmailServer-Subject: False    Verify DKIM:       False    

  Spam delete threshold: 20         Maximum message size: 1024

DNSBL ENTRIES:
   No 'enabled' entries

SURBL ENTRIES:
   No 'enabled' entries

GREYLISTING:
  Greylisting:  False

WHITELISTING
   No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS:  No application configured.

  Block Attachments: False
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   hMail-Self
       Certificate: G:\PEmail\P-Email-Certificater.crt
       Private key: G:\PEmail\serverde.key
   smtp2
       Certificate: G:\PEmail\COMODO\smtp2_support_com.crt
       Private key: G:\PEmail\COMODO\server2048de.key
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Optional   Cert: smtp2
               0.0.0.0         / 110   / POP3   -   None                
               0.0.0.0         / 143   / IMAP   -   None                
               0.0.0.0         / 587   / SMTP   -   None                
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  G:\Program Files (x86)\hMailServer\Logs\hmailserver_2019-08-02.log
    Error:    G:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-08-02.log
    Event:    G:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
    Awstats:  G:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -      .
                        TCPIP       -    True
                        DEBUG       -    True
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL

IPv6 support is available in operating system.

Backup directory G:\RISC\hMailServer_Backup is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  G:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     G:\Program Files (x86)\hMailServer\Data
Log folder:      G:\Program Files (x86)\hMailServer\Logs
Temp folder:     G:\Program Files (x86)\hMailServer\Temp
Event folder:    G:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MSSQL
Username=          hMailServer
PasswordEncryption=0
Port=              0
Server=            riscsqlcl2
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.96, Hmailserver Forum.

mikedibella
Normal user
Posts: 181
Joined: 2016-12-08 02:21

Re: Using STARTTLS for message delivery

Post by mikedibella » 2019-08-02 20:03

Hypothesis: STARTTLS is failing the certification validation.

Try disabling Settings > Advanced > SSL/TLS > Verify remote server SSL/TLS certificate.

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Re: Using STARTTLS for message delivery

Post by VinceO » 2019-08-02 20:35

Thanks for the idea,

I disabled Verify remote server SSL/TLS certificate.

We are still getting the following when delivering mail.

"RECEIVED: 530 #5.7.0 This sender must issue a STARTTLS command first"

mikedibella
Normal user
Posts: 181
Joined: 2016-12-08 02:21

Re: Using STARTTLS for message delivery

Post by mikedibella » 2019-08-02 20:56

Send a larger portion of the log. It seems like the remote server is expecting authentication.

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Re: Using STARTTLS for message delivery

Post by VinceO » 2019-08-02 21:35

I think this is everything from the log having to do with the message.

Code:

"DEBUG"	5188	"2019-08-02 15:28:32.910"	"Creating session 9"
"TCPIP"	5188	"2019-08-02 15:28:32.912"	"TCP - 10.150.170.98 connected to 10.150.170.98:25."
"DEBUG"	5188	"2019-08-02 15:28:32.913"	"TCP connection started for session 7"
"SMTPD"	5188	7	"2019-08-02 15:28:32.914"	"10.150.170.98"	"SENT: 220 smtp2.pjmtrainingsupport.com ESMTP"
"SMTPD"	18116	7	"2019-08-02 15:28:32.915"	"10.150.170.98"	"RECEIVED: EHLO RIS-HOU-PROD-03"
"SMTPD"	18116	7	"2019-08-02 15:28:32.916"	"10.150.170.98"	"SENT: 250-smtp2.pjmtrainingsupport.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD"	21096	7	"2019-08-02 15:28:32.917"	"10.150.170.98"	"RECEIVED: MAIL FROM:<TrainingSupport@pjm.com>"
"DEBUG"	21096	"2019-08-02 15:28:32.919"	"Total spam score: 0"
"SMTPD"	21096	7	"2019-08-02 15:28:32.922"	"10.150.170.98"	"SENT: 250 OK"
"SMTPD"	5188	7	"2019-08-02 15:28:32.923"	"10.150.170.98"	"RECEIVED: RCPT TO:<Artw@constellation.com>"
"SMTPD"	5188	7	"2019-08-02 15:28:32.926"	"10.150.170.98"	"SENT: 250 OK"
"SMTPD"	18116	7	"2019-08-02 15:28:32.927"	"10.150.170.98"	"RECEIVED: DATA"
"SMTPD"	18116	7	"2019-08-02 15:28:32.929"	"10.150.170.98"	"SENT: 354 OK, send."
"DEBUG"	5188	"2019-08-02 15:28:32.932"	"Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG"	17152	"2019-08-02 15:28:32.933"	"Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG"	17152	"2019-08-02 15:28:32.934"	"Total spam score: 0"
"DEBUG"	17152	"2019-08-02 15:28:32.935"	"Saving message: {BB4927A0-2474-47C3-A1AB-A0A217B0CD23}.eml"
"DEBUG"	17152	"2019-08-02 15:28:32.941"	"Requesting SMTPDeliveryManager to start message delivery"
"SMTPD"	17152	7	"2019-08-02 15:28:32.942"	"10.150.170.98"	"SENT: 250 Queued (0.000 seconds)"
"DEBUG"	18880	"2019-08-02 15:28:32.952"	"Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG"	22556	"2019-08-02 15:28:32.953"	"Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG"	22556	"2019-08-02 15:28:32.954"	"Delivering message..."
"APPLICATION"	22556	"2019-08-02 15:28:32.955"	"SMTPDeliverer - Message 21936: Delivering message from TrainingSupport@pjm.com to Artw@constellation.com. File: G:\Program Files (x86)\hMailServer\Data\{BB4927A0-2474-47C3-A1AB-A0A217B0CD23}.eml"
"DEBUG"	22556	"2019-08-02 15:28:32.956"	"Applying rules"
"DEBUG"	22556	"2019-08-02 15:28:32.957"	"Performing local delivery"
"DEBUG"	22556	"2019-08-02 15:28:32.958"	"Local delivery completed"
"TCPIP"	22556	"2019-08-02 15:28:32.960"	"DNS MX lookup: constellation.com"
"TCPIP"	22556	"2019-08-02 15:28:33.618"	"DNS - MX Result: 8 IP addresses were found."
"DEBUG"	22556	"2019-08-02 15:28:33.619"	"Starting external delivery process. Server: esa-omf-101.exeloncorp.com (216.99.189.20), Port: 25, Security: 2, User name: "
"DEBUG"	22556	"2019-08-02 15:28:33.620"	"Creating session 10"
"TCPIP"	22556	"2019-08-02 15:28:33.621"	"Connecting to 216.99.189.20:25..."
"DEBUG"	19520	"2019-08-02 15:28:33.652"	"TCP connection started for session 10"
"SMTPC"	19520	10	"2019-08-02 15:28:33.758"	"216.99.189.20"	"RECEIVED: 220 ********************************"
"SMTPC"	19520	10	"2019-08-02 15:28:33.759"	"216.99.189.20"	"SENT: EHLO smtp2.pjmtrainingsupport.com"
"SMTPC"	22332	10	"2019-08-02 15:28:33.862"	"216.99.189.20"	"RECEIVED: 250-esa-omf-101.exeloncorp.com[nl]250-8BITMIME[nl]250-SIZE 41943040[nl]250 XXXXXXXA"
"SMTPC"	22332	10	"2019-08-02 15:28:33.863"	"216.99.189.20"	"SENT: MAIL FROM:<TrainingSupport@pjm.com>"
"SMTPC"	2200	10	"2019-08-02 15:28:33.895"	"216.99.189.20"	"RECEIVED: 530 #5.7.0 This sender must issue a STARTTLS command first"
"SMTPC"	2200	10	"2019-08-02 15:28:33.896"	"216.99.189.20"	"SENT: QUIT"
"SMTPC"	5188	10	"2019-08-02 15:28:33.926"	"216.99.189.20"	"RECEIVED: 221 esa-omf-101.exeloncorp.com"
"DEBUG"	5188	"2019-08-02 15:28:33.927"	"Ending session 10"
"DEBUG"	22556	"2019-08-02 15:28:33.928"	"External delivery process completed"
"DEBUG"	22556	"2019-08-02 15:28:33.929"	"Summarizing delivery result"
"DEBUG"	22556	"2019-08-02 15:28:33.931"	"AWStats::LogDeliveryFailure"
"DEBUG"	22556	"2019-08-02 15:28:33.932"	"AWStats::LogDeliveryFailure"
"DEBUG"	22556	"2019-08-02 15:28:33.934"	"Summarized delivery results"
"DEBUG"	22556	"2019-08-02 15:28:33.935"	"SD::SubmitErrorLog_"
"DEBUG"	22556	"2019-08-02 15:28:33.939"	"Saving message: {A52F3CF3-7484-4914-9676-2870553E746A}.eml"
"DEBUG"	22556	"2019-08-02 15:28:33.945"	"SD::~SubmitErrorLog_"
"DEBUG"	22556	"2019-08-02 15:28:33.946"	"Deleting message"
"DEBUG"	22556	"2019-08-02 15:28:33.948"	"Deleting message file."
"APPLICATION"	22556	"2019-08-02 15:28:33.949"	"SMTPDeliverer - Message 21936: Message delivery thread completed."

mikedibella
Normal user
Posts: 181
Joined: 2016-12-08 02:21

Re: Using STARTTLS for message delivery

Post by mikedibella » 2019-08-03 00:08

Code:

"SMTPC"	22332	10	"2019-08-02 15:28:33.862"	"216.99.189.20"	"RECEIVED: 250-esa-omf-101.exeloncorp.com[nl]250-8BITMIME[nl]250-SIZE 41943040[nl]250 XXXXXXXA"
The remote server is not RFC compliant. This is not advertising that it supports STARTTLS in response to the EHLO verb, so hMailServer thinks it does not. You can not fix this issue, the remote server's operator has to.

mikedibella
Normal user
Posts: 181
Joined: 2016-12-08 02:21

Re: Using STARTTLS for message delivery

Post by mikedibella » 2019-08-03 00:41

Code:

220 esa-omf-101.exeloncorp.com ESMTP
EHLO xxx
250-esa-omf-101.exeloncorp.com
250-8BITMIME
250-SIZE 20971520
250 STARTTLS
This is what I get when I query that SMTP host. I'm not sure why STARTTLS isn't showing in the logging you provided. Unless hMailServer sees STARTTLS in the EHLO response, it won't try to secure the connection.

mattg
Moderator
Posts: 20281
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Using STARTTLS for message delivery

Post by mattg » 2019-08-03 02:04

I'm guessing that the sender domain is actually hosted on that SMTP server, and that the FROM is seen as a local address on that machine, and the end server requires SSL/TLS for AUTH.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Re: Using STARTTLS for message delivery

Post by VinceO » 2019-08-05 15:42

Thanks for the continued assistance.

I asked support for the receiving mail server for their thoughts on the missing STARTTLS and RFC 3207.

Not sure I completely understand how to test the situation in mattg's Domain comment. The sender domain is different from the mail server domain, but I'll explore this.

Any other thoughts would be appreciated.

mattg
Moderator
Posts: 20281
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Using STARTTLS for message delivery

Post by mattg » 2019-08-06 00:48

This IS a misconfiguration.
Either the receiving server is broken
OR
You are using a domain on your server that you don't necessarily have rights to, and the recipient server is ALSO hosting the same domain.

mikedibella
Normal user
Posts: 181
Joined: 2016-12-08 02:21

Re: Using STARTTLS for message delivery

Post by mikedibella » 2019-08-06 04:24

I wonder if the remote server has been configured to require secure connections, but a certificate has not been properly configured or has expired and the server was restarted, resulting in a mismatch between the EHLO verb response and the MAIL verb response.

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Re: Using STARTTLS for message delivery

Post by VinceO » 2019-08-07 20:26

MXToolbox suggests that all is well with the remote server.
(attachment: mxtoolbox.png, screenshot of the MXToolbox result)
I own the domain that the local server is in and have created the appropriate SPF record.

The local server sends emails to hundreds of other domains; however, the remote server we are having issues with might be the only server that requires STARTTLS. In fact I see no instances in the logs where STARTTLS was found from any of the hundreds of email servers that we interface with.

The sending server has no accounts and exists for accepting emails generated by a set of local applications and forwarding them to remote email servers.

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Re: Using STARTTLS for message delivery

Post by VinceO » 2019-08-07 22:38

Anyone with a server that requires STARTTLS interested in receiving a test note?

mikedibella
Normal user
Posts: 181
Joined: 2016-12-08 02:21

Re: Using STARTTLS for message delivery

Post by mikedibella » 2019-08-07 22:47

I think you really need to focus on the discrepancy between what hMailServer is seeing as the EHLO response versus what mxtoolbox.com is reporting.

If you issue a telnet command from the hMailServer host to the remote host esa-omf-101.exeloncorp.com on port 25, and issue the EHLO verb, do you see STARTTLS in the response?

mikedibella
Normal user
Posts: 181
Joined: 2016-12-08 02:21

Re: Using STARTTLS for message delivery

Post by mikedibella » 2019-08-07 23:06

Some anti-virus software may block email over secure connections because these emails are harder to scan. So it is conceivable that such an implementation might replace the STARTTLS keyword in the EHLO with something else, like the XXXXXXXA you are seeing.

Also could be this bug: https://www.cisco.com/c/en/us/support/d ... sa-00.html

mattg
Moderator
Posts: 20281
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Using STARTTLS for message delivery

Post by mattg » 2019-08-08 01:16

I've sent you a private message VinceO

I agree with mikedibella though
When I test that server, I get a StartTLS response.
I think you have Antivirus or an EDGE device that 'inspects' mail that gets in the way...

VinceO
New user
Posts: 10
Joined: 2019-08-02 15:20

Re: Using STARTTLS for message delivery

Post by VinceO » 2019-08-13 00:50

Thanks for your assistance.

The firewall had ESMTP inspection enabled and TLS was not allowed.

Since we only have outgoing mail, we decided to disable ESMTP inspection.
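The pattern this thread converged on (STARTTLS absent from the EHLO reply, a blanked keyword such as XXXXXXXA in its place, then a "530 ... must issue a STARTTLS command first") can be checked across a whole log file mechanically. The script below is an added example, not hMailServer's code: it parses SMTPC lines in the log layout shown in this thread, and the rule that an all-X keyword marks an inspection device in the path is an assumption drawn from this thread, not an RFC rule.

```python
import re
from dataclasses import dataclass, field

# One hMailServer log line is a row of double-quoted fields separated by spaces
# or tabs (both layouts appear in this thread):
#   "SMTPC" <pid> <session> "<timestamp>" "<peer ip>" "<SENT|RECEIVED: text>"
FIELD_RE = re.compile(r'"([^"]*)"|(\S+)')
# A capability keyword made only of X's, optionally with one trailing character
# (XXXXXXXA in the thread), is treated as a keyword blanked by ESMTP inspection.
# That interpretation is an assumption drawn from the thread, not an RFC rule.
MASKED_RE = re.compile(r"^X{4,}[A-Z0-9]?$")


def split_fields(line: str) -> list:
    """Split one log line into its fields with the surrounding quotes removed."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in FIELD_RE.finditer(line)]


def parse_ehlo_keywords(message: str) -> list:
    """'RECEIVED: 250-host[nl]250-SIZE 1[nl]250 STARTTLS' -> ['SIZE', 'STARTTLS']."""
    parts = message[len("RECEIVED: "):].split("[nl]")[1:]   # drop the server-name line
    return [p[4:].split()[0].upper() for p in parts if p[4:].strip()]


@dataclass
class OutboundSession:
    session: str
    peer: str
    keywords: list = field(default_factory=list)   # keywords from the EHLO reply
    masked: list = field(default_factory=list)     # keywords matching MASKED_RE
    starttls_advertised: bool = False
    starttls_demanded: bool = False                # saw '530 ... STARTTLS command first'

    def verdict(self) -> str:
        if not self.starttls_demanded:
            return "ok"
        if self.masked and not self.starttls_advertised:
            return "masked"          # EHLO reply altered in transit: inspect the path, not hMailServer
        if not self.starttls_advertised:
            return "not-advertised"  # remote demands what it never offered (server-side problem)
        return "not-attempted"       # offered and demanded, but the client never sent STARTTLS


def analyse(lines) -> dict:
    """Group SMTPC (outbound client) lines by session and classify each session."""
    sessions = {}
    for raw in lines:
        f = split_fields(raw.strip())
        if len(f) < 6 or f[0] != "SMTPC":
            continue
        sid, peer, msg = f[2], f[4], f[5]
        s = sessions.setdefault(sid, OutboundSession(sid, peer))
        if msg.startswith("RECEIVED: 250") and "[nl]" in msg:
            s.keywords = parse_ehlo_keywords(msg)
            s.starttls_advertised = "STARTTLS" in s.keywords
            s.masked = [k for k in s.keywords if MASKED_RE.match(k)]
        elif msg.startswith("RECEIVED: 530") and "STARTTLS" in msg.upper():
            s.starttls_demanded = True
    return sessions


# Session 10 is copied from the thread's second log; session 11 is constructed
# (RFC 5737 address, example hostname) to show a healthy exchange for comparison.
SAMPLE_LOG = [
    '"SMTPC"\t19520\t10\t"2019-08-02 15:28:33.759"\t"216.99.189.20"\t"SENT: EHLO smtp2.pjmtrainingsupport.com"',
    '"SMTPC"\t22332\t10\t"2019-08-02 15:28:33.862"\t"216.99.189.20"\t"RECEIVED: 250-esa-omf-101.exeloncorp.com[nl]250-8BITMIME[nl]250-SIZE 41943040[nl]250 XXXXXXXA"',
    '"SMTPC"\t22332\t10\t"2019-08-02 15:28:33.863"\t"216.99.189.20"\t"SENT: MAIL FROM:<TrainingSupport@pjm.com>"',
    '"SMTPC"\t2200\t10\t"2019-08-02 15:28:33.895"\t"216.99.189.20"\t"RECEIVED: 530 #5.7.0 This sender must issue a STARTTLS command first"',
    '"SMTPC" 4242 11 "2019-08-02 15:30:00.000" "192.0.2.25" "RECEIVED: 250-mx.example.net[nl]250-SIZE 20971520[nl]250 STARTTLS"',
    '"SMTPC" 4242 11 "2019-08-02 15:30:00.010" "192.0.2.25" "SENT: STARTTLS"',
    '"SMTPC" 4242 11 "2019-08-02 15:30:00.020" "192.0.2.25" "RECEIVED: 220 Go ahead"',
]


def verdicts(lines=SAMPLE_LOG) -> dict:
    """Session id -> verdict, e.g. {'10': 'masked', '11': 'ok'}."""
    return {sid: s.verdict() for sid, s in analyse(lines).items()}


if __name__ == "__main__":
    for sid, s in analyse(SAMPLE_LOG).items():
        print(f"session {sid} -> {s.peer}: {s.verdict()} "
              f"(keywords={s.keywords}, masked={s.masked})")
```

Run it against a real hmailserver_*.log by passing the file's lines to analyse(); a "masked" verdict points at the network path between hMailServer and the MX, which is where the ESMTP inspection in this thread was found.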
