A good friend and Domino administrator called me today and said that their TLS connection on one Domino server wasn't working as expected.

I connected to the Domino server and set "SMTPCLIENTDEBUG=1"; after that I got the output shown here. If you are familiar with the EHLO command, you can see that we get a "250-XXXXXXXA" instead of a "250-STARTTLS". In short, that means the Domino server isn't able to communicate over an encrypted connection. You can also see that the remote mail server forced "STARTTLS", and that's the reason why sending the mail failed.

A deeper look into their network showed that they had connected this Domino server to a "Microsoft ISA Server Firewall", and this server tried to analyze every kind of traffic that goes through it, which "destroyed" the TLS connection. After the company switched this server to a SUN Firewall, everything worked as expected.

 

2010-02-01 08:37:24   [1078:001D-073C] SMTPClient: Attempting to Connect: Host xxxx.xxxxx.com, Port 25, SSL Port 0, Connecting Domain xxxxxxx.xxxxxxxxx.xx
2010-02-01 08:37:25   [1078:001D-073C] SMTPClient: Connection successful
2010-02-01 08:37:25   [1078:001D-073C] SMTPClient: ReceiveResponse: 220 *********************************
2010-02-01 08:37:25   [1078:001D-073C] SMTPClient: CommandEHLO: EHLO xxxxxxx.xxxxxxxxx.xx
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-xxxx.xxxxx.com
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-PIPELINING
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-SIZE 10485760
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-ETRN
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-XXXXXXXA
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-ENHANCEDSTATUSCODES
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250 8BITMIME
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: SMTP Authentication is not required by local server.  Username: -blank-
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: Attempting to SubmitMessage:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: Pipelined commands:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: MAIL FROM:<[address hidden]> BODY=8BITMIME SIZE=5126
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: RCPT TO:<[address hidden]>
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: DATA
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: End of pipelined commands
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 530 Must issue a STARTTLS command first
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 503 5.5.1 Error: need MAIL command
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 503 5.5.1 Error: need RCPT command
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: CommandRSET:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250 2.0.0 Ok
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: Attempting to Disconnect:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: CommandQUIT:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 221 2.0.0 Bye
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: Connection terminated successfully
2010-02-01 08:37:26   Router: No messages transferred to xxxx.COM (host xxxx.xxxxx.com) via SMTP

Note: That doesn't mean that a "Microsoft ISA Server Firewall" and Domino can't play well together; maybe both would if the "Microsoft ISA Server Firewall" were configured correctly.
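As an added example (not code from the original post), the check made by eye above can be run over SMTPCLIENTDEBUG output: it reads the EHLO reply, notes whether STARTTLS was advertised, and flags a masked keyword or a 530 reply that demands STARTTLS. The sample log is constructed, and the function name, result keys and the run-of-X's heuristic are assumptions.

```python
import re

# Constructed sample modelled on the SMTPCLIENTDEBUG=1 output above;
# host names are placeholders.
SAMPLE_LOG = """\
2010-02-01 08:37:25   [1078:001D-073C] SMTPClient: CommandEHLO: EHLO client.example
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-mx.example
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-PIPELINING
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-XXXXXXXA
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250 8BITMIME
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 530 Must issue a STARTTLS command first
"""

RESPONSE = re.compile(r"SMTPClient: ReceiveResponse: (\d{3})([ -])(.*)$")
# Assumption: a keyword overwritten in transit shows up as a run of X's,
# like the XXXXXXXA in the log above.
MASKED = re.compile(r"^X{4,}[A-Z]?$")


def analyze_session(log_text):
    """Summarise STARTTLS handling for one outbound SMTP session."""
    replies, in_ehlo, demanded = [], False, False
    for line in log_text.splitlines():
        if "SMTPClient: CommandEHLO:" in line:
            in_ehlo, replies = True, []
            continue
        match = RESPONSE.search(line)
        if not match:
            continue
        code, sep, text = match.groups()
        if in_ehlo and code == "250":
            replies.append(text.strip().upper())
            in_ehlo = sep == "-"  # "250 " with a space ends the EHLO reply
        elif code == "530" and "STARTTLS" in text.upper():
            demanded = True  # remote refuses mail without TLS
    # First 250 line is the server's name; the rest are extension keywords.
    keywords = [r.split()[0] for r in replies[1:] if r]
    masked = [k for k in keywords if MASKED.match(k)]
    offered = "STARTTLS" in keywords
    return {
        "starttls_offered": offered,
        "masked_keywords": masked,
        "server_demanded_starttls": demanded,
        # Not advertised to us, yet masked or required: something on the
        # path changed the EHLO reply.
        "ehlo_altered_in_path": not offered and (bool(masked) or demanded),
    }


if __name__ == "__main__":
    print(analyze_session(SAMPLE_LOG))
```

A result with `ehlo_altered_in_path` set points at a device between the two mail servers rather than at the Domino TLS configuration itself.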




IBM today released FP1 for Lotus Notes/Domino 8.5.1.

The Fix Pack includes support for Notes on Windows 7 and Snow Leopard (Mac OS X 10.6.2).

Additional information about this Fix Pack, including a list of fixes, is available in the Notes/Domino 8.5.1 Fix Pack 1 Release Notice.

The IBM Technote 4025721 provides download information for IBM Lotus Notes and Domino 8.5.1 Fix Pack 1:

A list of fixes can be found here.




- Installation of Domino on Debian Lenny without a graphical desktop

- apt-get update

- apt-get dist-upgrade

- apt-get install libstdc++5 libxmu6 libxp6 libxp-java libxtst6 gawk ssh xserver-xorg-core

- Create the notes user and notes group: adduser notes

- copy domino installer to /opt/install

- tar xvf IBM Lotus Domino Server.......

- Install domino server: ./install console

- Open console via client: ssh -X root@server