A good friend and domino administrator called me today and said that there TLS connection on one domino server isn´t working like expected.

I connected to the domino server and set "SMTPCLIENTDEBUG=1" after that I got the output seen here. If you are familiar with the EHLO command you can see that we get a "250-XXXXXXXA" instead a "250-STARTTLS" in short that means the Domino server isn´t able to communicate over a encrypted connection. You can see also that the remote mailserver forced "STARTTLS" and thats the reason why the mail send failed.

A deeper look into there network showed that they connected this domino server to a "Microsoft ISA Server Firewall" and this server tried to analyze every kind of traffic which goes true it and that "destroyed" the TLS connection. After the company switched this server to a SUN Firewall everything was working like expected.

 

2010-02-01 08:37:24   [1078:001D-073C] SMTPClient: Attempting to Connect: Host xxxx.xxxxx.com, Port 25, SSL Port 0, Connecting Domain xxxxxxx.xxxxxxxxx.xx
2010-02-01 08:37:25   [1078:001D-073C] SMTPClient: Connection successful
2010-02-01 08:37:25   [1078:001D-073C] SMTPClient: ReceiveResponse: 220 *********************************
2010-02-01 08:37:25   [1078:001D-073C] SMTPClient: CommandEHLO: EHLO
xxxxxxx.xxxxxxxxx.xx
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-xxxx.xxxxx.com
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-PIPELINING
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-SIZE 10485760
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-ETRN
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-XXXXXXXA
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250-ENHANCEDSTATUSCODES
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250 8BITMIME
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: SMTP Authentication is not required by local server.  Username: -blank-
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: Attempting to SubmitMessage:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: Pipelined commands:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: MAIL FROM:<This email address is being protected from spambots. You need JavaScript enabled to view it.> BODY=8BITMIME SIZE=5126
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: RCPT TO:<
This email address is being protected from spambots. You need JavaScript enabled to view it.>
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: DATA
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: End of pipelined commands
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 530 Must issue a STARTTLS command first
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 503 5.5.1 Error: need MAIL command
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 503 5.5.1 Error: need RCPT command
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: CommandRSET:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 250 2.0.0 Ok
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: Attempting to Disconnect:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: CommandQUIT:
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: ReceiveResponse: 221 2.0.0 Bye
2010-02-01 08:37:26   [1078:001D-073C] SMTPClient: Connection terminated successfully
2010-02-01 08:37:26   Router: No messages transferred to xxxx.COM (host
xxxx.xxxxx.com) via SMTP

Note: That doesn´t means that a "Microsoft ISA Server Firewall" and Domino didn´t play well together, maybe both would if the "Microsoft ISA Server Firewall" could be configured correctly.

Leave your comments

Post comment as a guest

0

Comments

    • No comments found