Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Broken SSL/TLS SMTP authentication with Outlook Express

Hi All,
I've created two ports for SMTP-Authentication with required SSL/TLS : port 25 and port 587. Everythings work fine on port 25 (both smtp-auth and ssl/tls works).

But when using Outlook Express with port 587, the problems happens:

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'pop.cbn.net.id', Server: 'smtps.cbn.net.id', Protocol: SMTP, Port: 587, Secure(SSL): Yes, Error Number: 0x800CCC0F

I've already disable windows firewall, Desktop Antivirus etc. but still not works.

Does anyone has the same problem? Thank you.

4 REPLIES
New Member

Re: Broken SSL/TLS SMTP authentication with Outlook Express

any errors in the log files?

New Member

Re: Broken SSL/TLS SMTP authentication with Outlook Express

Not all, it seems it doesn't even reach the box. So I guess there's still a bugs on Outlook Express if using SMTP Auth with TSL using different port other than 25.

If using TLS + SMTP Auth on default port 25, it works fine.

New Member

Re: Broken SSL/TLS SMTP authentication with Outlook Express

Well so tired findings solutions for this :)

Since most of our customers using Outlook Express, and in fact, OE is only support STARTTLS using port 25 (other that that will not working).

So, I just wondering if there are any plans for IronPort developers to re-activate the SSL support in IronPort (right now support TLS only, which is newer than SSL).

If the IronPort already support SSL, I might consider using port 465 for those OE users' (465 is for SSL and 587 is for TLS).

TIA

New Member

Re: Broken SSL/TLS SMTP authentication with Outlook Express

Sorry I'm a little late to the party.

This is a bug in OE. It is attempting to do an SSL negotiation immediately when the connection opens, like what a web browser does for HTTPS connections, rather than using the STARTTLS mechanism to start TLS in the middle of the connection. In other words, it's attempting to use the old, never actually standardized SMTPS protocol if you attempt to do secure SMTP on any port other than 25. When we deployed mandatory SSL/TLS here, we had to deploy an SMTPS server on port 465, just for OE users (our mail relay server is not an IronPort).

SMTPS was never standardized, never even made it past one Internet-Draft. It's allocation of port 465 was later revoked by IANA and reassigned to another protocol. Yet it was treated as gospel by many mail client authors. I refused to support it on our mail server until it became obvious that OE simply wouldn't work otherwise (getting correct STARTTLS operation by using port 25 is not always available because of ISPs doing port 25 blocking). I don't blame IronPort in the least for not supporting it, although it does make this situation harder to resolve.

I have learned to hate OE.

1503
Views
0
Helpful
4
Replies
CreatePlease login to create content