
Mailing List Archive: exim: users

TLS on connect and Microsoft MUA confusion.

 

 



chris.kruger at gmail

Jun 25, 2012, 7:11 PM


Hello Exim Sages,

I've been running Exim for close to two years now without many
issues; but I've had this persistent inability to configure Exim to
work with authenticate on send in conjunction with some of the
Microsoft MUAs.

Now I know these MUAs are often not compliant etc but I am also aware
it's possible to massage Exim into working with them. I've tried
several times but I'm now reaching out for help.

I'm currently running Exim 4.72. In my Exim configuration file I have

daemon_smtp_port = smtp : smtps : submission # 25, 465, 587
tls_on_connect_ports = 465

Now in my log file it tells me Exim has started with SMTP on ports 25,
and 587 and SMTPS on port 465. So that looks correct for working with
Microsoft MUAs but when I try to connect using 465 and SSL using
Windows Live Mail for example, I get the error message in my log file:

"SMTP protocol synchronization error (input sent without waiting for
greeting):"

If I understand correctly this is characteristic of tls on connect problems?

Furthermore, to confuse me further, when I start exim using
-tls-on-connect at the command line - it works with my Microsoft MUA
without issue. I thought perhaps it was connecting to another port than
465 but I saw no evidence of this, in fact both other ports (25, 587)
are firewalled from the client.

Does -tls-on-connect do something slightly different from the config
directive tls_on_connect_ports apart from allowing you to select
specific ports?

Chris K.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users at spodhuis

Jun 26, 2012, 3:04 PM

Re: TLS on connect and Microsoft MUA confusion.

On 2012-06-26 at 10:11 +0800, Chris Kruger wrote:
> "SMTP protocol synchronization error (input sent without waiting for
> greeting):"
>
> If I understand correctly this is characteristic of tls on connect problems?

Nope; that's a protocol lockstep issue. In SMTP, the server speaks
first, but the client isn't waiting for the banner. This behaviour is
common for pump&dump spammers, so seeing it on port 25 is bad.

You can turn this off globally, for all ports, using the
"smtp_enforce_sync" option -- set it false.

You probably instead want to define an acl_smtp_connect ACL, which sets
"control = no_enforce_sync" if the port is 465.

----------------------------8< cut here >8------------------------------
# main section

acl_smtp_connect = acl_connect

begin acl

acl_connect:
  warn    condition = ${if =={$received_port}{465}}
          control   = no_enforce_sync

  accept
----------------------------8< cut here >8------------------------------

-Phil



chris.kruger at gmail

Jun 27, 2012, 7:00 AM

Re: TLS on connect and Microsoft MUA confusion.

On Wed, Jun 27, 2012 at 6:04 AM, Phil Pennock <exim-users [at] spodhuis> wrote:

> Nope; that's a protocol lockstep issue.  In SMTP, the server speaks
> first, but the client isn't waiting for the banner.  This behaviour is
> common for pump&dump spammers, so seeing it on port 25 is bad.
>
> You can turn this off globally, for all ports, using the
> "smtp_enforce_sync" option -- set it false.

Thanks for the suggestion Phil.

Unfortunately when I tried this suggestion I get other errors. Like
the one below

SMTP syntax error in
"\026\003\001?\200\001??|\003\001O\353\021\017\374!aeM\315|"
H=redacted.com [22.22.22.22]:51885 NULL character(s) present (shown as
'?')

Does that provide any further clues?



graeme at graemef

Jun 27, 2012, 7:06 AM

Re: TLS on connect and Microsoft MUA confusion.

On Wed, 2012-06-27 at 22:00 +0800, Chris Kruger wrote:
> Unfortunately when I tried this suggestion I get other errors. Like
> the one below
>
> SMTP syntax error in
> "\026\003\001?\200\001??|\003\001O\353\021\017\374!aeM\315|"
> H=redacted.com [22.22.22.22]:51885 NULL character(s) present (shown as
> '?')
>
> Does that provide any further clues?

Sort of. That looks very much like a client configured to use
TLS-on-connect (otherwise known as SSL in older parlance) on a port
which isn't configured to accept it. Just like Outlook would if the port
hasn't been set, in fact...

Graeme


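
Added example (not part of the thread and not Exim code): a short Python decoder for the escaped string in the "SMTP syntax error" log line from post #3. It shows that the logged bytes begin with a TLS record header carrying a ClientHello, which is what a client sends when it starts TLS immediately on connect; the function names are hypothetical, and '?' is treated as NUL because the log line itself says so.

```python
import re

# Constructed sample: the quoted string from the log line in post #3, copied as-is.
LOGGED = r'\026\003\001?\200\001??|\003\001O\353\021\017\374!aeM\315|'

RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def unescape_logged(text):
    """Rebuild bytes from the log's printable form (ASCII input assumed).

    \\ooo is an octal escape; '?' is taken as NUL because the log line
    itself says NUL characters are shown as '?'.
    """
    out = bytearray()
    for octal, char in re.findall(r'\\([0-7]{3})|(.)', text, re.S):
        if octal:
            out.append(int(octal, 8))
        else:
            out.append(0 if char == '?' else ord(char))
    return bytes(out)


def describe_first_bytes(raw):
    """Return TLS record/handshake header fields, or None if not TLS."""
    if len(raw) < 5 or raw[0] not in RECORD_TYPES or raw[1] != 3:
        return None
    info = {
        "record_type": RECORD_TYPES[raw[0]],
        "version": VERSIONS.get((raw[1], raw[2]), "unknown"),
        "record_length": int.from_bytes(raw[3:5], "big"),
    }
    if raw[0] == 22 and len(raw) >= 9:
        # Handshake header: 1-byte message type, 3-byte length.
        info["handshake_type"] = "client_hello" if raw[5] == 1 else raw[5]
        info["handshake_length"] = int.from_bytes(raw[6:9], "big")
    return info


if __name__ == "__main__":
    print(describe_first_bytes(unescape_logged(LOGGED)))
    # A plaintext SMTP client would start with a command such as EHLO.
    print(describe_first_bytes(b"EHLO client.example\r\n"))
```

The record length (128) equals the 4-byte handshake header plus the handshake length (124), which confirms the '?' characters in this line are NUL bytes and that the listener was reading a TLS handshake as if it were SMTP commands.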
