MSA over SSL\TLS not supported? | MDaemon Technologies, Ltd.

MSA over SSL\TLS not supported?


  • When using SMTP on port 25 I can use SSL\TLS.

    But if I use MSA port 587, it does not work:

    Tue 2024-02-20 18:47:18.437: 05: Accepting SMTP connection from XXX.XXX.XXX.XX:61558 to 192.168.17.11:587
    Tue 2024-02-20 18:47:18.438: 03: --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 18:47:18 +0300
    Tue 2024-02-20 18:47:18.438: 02: <-- 
    Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
    Tue 2024-02-20 18:47:18.438: 02: <-- ¿± W
    Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
    Tue 2024-02-20 18:47:18.438: 02: <-- À ÀÀ
    Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
    Tue 2024-02-20 18:47:18.438: 02: <-- Á
    Tue 2024-02-20 18:47:18.438: 01: Too many errors encountered
    Tue 2024-02-20 18:47:18.439: 04: SMTP session terminated (Bytes in/out: 211/156)

     

    UP: MDaemon PRO v21.0.6



  • Can you post a log snippet that shows an email client connecting to the MSA port and trying to use SSL\TLS? The snippet provided only shows a connection being accepted with invalid commands being sent. In order to see if SSL\TLS is supported, the client needs to send an EHLO command and then the server will respond with a list of valid commands. If STARTTLS is in the list, then TLS is supported.

    It should look something like the following:

    Tue 2024-02-20 10:06:32.260: [00031891] Session 00031891; child 0001
    Tue 2024-02-20 10:06:32.260: [00031891] Accepting SMTP connection from 127.0.0.1:59693 to 127.0.0.1:587
    Tue 2024-02-20 10:06:32.263: [00031891] --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 10:06:32 -0600
    Tue 2024-02-20 10:06:34.956: [00031891] <-- ehlo test.com
    Tue 2024-02-20 10:06:34.956: [00031891] --> 250-mail.arron.altn.com Hello test.com [127.0.0.1], pleased to meet you
    Tue 2024-02-20 10:06:34.956: [00031891] --> 250-AUTH LOGIN PLAIN
    Tue 2024-02-20 10:06:34.956: [00031891] --> 250-8BITMIME
    Tue 2024-02-20 10:06:34.956: [00031891] --> 250-ENHANCEDSTATUSCODES
    Tue 2024-02-20 10:06:34.956: [00031891] --> 250-PIPELINING
    Tue 2024-02-20 10:06:34.956: [00031891] --> 250-CHUNKING
    Tue 2024-02-20 10:06:34.956: [00031891] --> 250-STARTTLS
    Tue 2024-02-20 10:06:34.956: [00031891] --> 250 SIZE

    The client should then send a STARTTLS command so the client and server can negotiate the SSL settings.


  • When I use STARTTLS everything works; the question is about SSL\TLS.

    STARTTLS on MSA (works):

    Tue 2024-02-20 18:33:45.769: 05: Session 09760303; child 0026
    Tue 2024-02-20 18:33:45.769: 05: Accepting SMTP connection from XX.XXX.XXX.XXX:60191 to 192.168.17.11:587
    Tue 2024-02-20 18:33:45.770: 03: --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 18:33:45 +0300
    Tue 2024-02-20 18:33:45.810: 02: <-- EHLO NTB2
    Tue 2024-02-20 18:33:45.810: 03: --> 250-mail.domain.com Hello NTB2 [XX.XXX.XXX.XXX], pleased to meet you
    Tue 2024-02-20 18:33:45.810: 03: --> 250-8BITMIME
    Tue 2024-02-20 18:33:45.810: 03: --> 250-ENHANCEDSTATUSCODES
    Tue 2024-02-20 18:33:45.810: 03: --> 250-STARTTLS
    Tue 2024-02-20 18:33:45.810: 03: --> 250 SIZE
    Tue 2024-02-20 18:33:45.816: 02: <-- STARTTLS
    Tue 2024-02-20 18:33:45.816: 03: --> 220 2.7.0 Ready to start TLS
    Tue 2024-02-20 18:33:45.839: 01: SSL negotiation successful (TLS 1.2, 384 bit key exchange, 256 bit AES encryption)
    Tue 2024-02-20 18:33:45.890: 02: <-- EHLO NTB2
    Tue 2024-02-20 18:33:45.890: 03: --> 250-mail.domain.com Hello NTB2 [XX.XXX.XXX.XXX], pleased to meet you
    Tue 2024-02-20 18:33:45.890: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
    Tue 2024-02-20 18:33:45.890: 03: --> 250-8BITMIME
    Tue 2024-02-20 18:33:45.890: 03: --> 250-ENHANCEDSTATUSCODES
    Tue 2024-02-20 18:33:45.890: 03: --> 250-REQUIRETLS
    Tue 2024-02-20 18:33:45.890: 03: --> 250 SIZE
    Tue 2024-02-20 18:33:45.895: 02: <-- AUTH LOGIN
    Tue 2024-02-20 18:33:45.895: 03: --> 334 VXNlcm5hbWU6
    Tue 2024-02-20 18:33:45.901: 02: <-- bnN1a2hub0BnaXN3LnJ1
    Tue 2024-02-20 18:33:45.901: 03: --> 334 UGFzc3dvcmQ6
    Tue 2024-02-20 18:33:45.906: 02: <-- ******
    Tue 2024-02-20 18:33:45.906: 01: Authenticating user@domain.com...
    Tue 2024-02-20 18:33:45.908: 01: Authenticated as user@domain.com
    Tue 2024-02-20 18:33:45.908: 03: --> 235 2.7.0 Authentication successful
    Tue 2024-02-20 18:33:45.941: 02: <-- MAIL FROM: <user@domain.com>
    Tue 2024-02-20 18:33:45.942: 01: user@domain.com is an alias for user@domain.com
    Tue 2024-02-20 18:33:45.942: 03: --> 250 2.1.0 Sender OK
    Tue 2024-02-20 18:33:45.956: 02: <-- RCPT TO: <user@domain.com>
    Tue 2024-02-20 18:33:45.956: 01: user@domain.com is an alias for user@domain.com
    Tue 2024-02-20 18:33:45.957: 03: --> 250 2.1.5 Recipient OK
    Tue 2024-02-20 18:33:45.962: 02: <-- DATA
    Tue 2024-02-20 18:33:45.963: 03: --> 354 Enter mail, end with .
    Tue 2024-02-20 18:33:46.015: 01: Message size: 1307 bytes
    Tue 2024-02-20 18:33:46.035: 01: Message creation successful: m:\temp\mdaemon\inbound\md5001000543481.msg
    Tue 2024-02-20 18:33:46.035: 03: --> 250 2.6.0 Ok, message saved
    Tue 2024-02-20 18:33:46.035: 05: Connection closed
    Tue 2024-02-20 18:33:46.036: 01: SMTP session successful (Bytes in/out: 1981/972)
    Tue 2024-02-20 18:33:46.039: 01: ----------

    SSL\TLS on SMTP  (works)

    Tue 2024-02-20 18:31:37.337: 05: Session 09760244; child 0307
    Tue 2024-02-20 18:31:37.337: 05: Accepting SMTP connection from XX.XXX.XXX.XXX:59994 to 192.168.17.11:465
    Tue 2024-02-20 18:31:37.345: 01: SSL negotiation successful (TLS 1.2, 384 bit key exchange, 256 bit AES encryption)
    Tue 2024-02-20 18:31:37.346: 03: --> 220 mail.domain.com ESMTP Tue, 20 Feb 2024 18:31:37 +0300
    Tue 2024-02-20 18:31:37.421: 02: <-- EHLO NTB2
    Tue 2024-02-20 18:31:37.422: 03: --> 250-mail.domain.com Hello NTB2 [XX.XXX.XXX.XXX], pleased to meet you
    Tue 2024-02-20 18:31:37.422: 03: --> 250-ETRN
    Tue 2024-02-20 18:31:37.422: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
    Tue 2024-02-20 18:31:37.422: 03: --> 250-8BITMIME
    Tue 2024-02-20 18:31:37.422: 03: --> 250-ENHANCEDSTATUSCODES
    Tue 2024-02-20 18:31:37.422: 03: --> 250-REQUIRETLS
    Tue 2024-02-20 18:31:37.422: 03: --> 250 SIZE
    Tue 2024-02-20 18:31:37.429: 02: <-- AUTH LOGIN
    Tue 2024-02-20 18:31:37.430: 03: --> 334 VXNlcm5hbWU6
    Tue 2024-02-20 18:31:37.441: 02: <-- bnN1a2hub0BnaXN3LnJ1
    Tue 2024-02-20 18:31:37.441: 03: --> 334 UGFzc3dvcmQ6
    Tue 2024-02-20 18:31:37.454: 02: <-- ******
    Tue 2024-02-20 18:31:37.454: 01: Authenticating user@domain.com...
    Tue 2024-02-20 18:31:37.456: 01: Authenticated as user@domain.com
    Tue 2024-02-20 18:31:37.456: 03: --> 235 2.7.0 Authentication successful
    Tue 2024-02-20 18:31:37.519: 02: <-- MAIL FROM: <user@domain.com>
    Tue 2024-02-20 18:31:37.519: 01: user@domain.com is an alias for user@domain.com
    Tue 2024-02-20 18:31:37.520: 03: --> 250 2.1.0 Sender OK
    Tue 2024-02-20 18:31:37.527: 02: <-- RCPT TO: <user@domain.com>
    Tue 2024-02-20 18:31:37.527: 01: user@domain.com is an alias for user@domain.com
    Tue 2024-02-20 18:31:37.528: 03: --> 250 2.1.5 Recipient OK
    Tue 2024-02-20 18:31:37.535: 02: <-- DATA
    Tue 2024-02-20 18:31:37.535: 03: --> 354 Enter mail, end with .
    Tue 2024-02-20 18:31:37.603: 01: Message size: 1307 bytes
    Tue 2024-02-20 18:31:37.618: 01: Message creation successful: m:\temp\mdaemon\inbound\md5001000543478.msg
    Tue 2024-02-20 18:31:37.618: 03: --> 250 2.6.0 Ok, message saved
    Tue 2024-02-20 18:31:37.618: 05: Connection closed
    Tue 2024-02-20 18:31:37.619: 01: SMTP session successful (Bytes in/out: 1960/848)
    Tue 2024-02-20 18:31:37.621: 01: ----------

    SSL\TLS on MSA (does not work)

    Tue 2024-02-20 18:47:18.437: 05: Accepting SMTP connection from XXX.XXX.XXX.XX:61558 to 192.168.17.11:587
    Tue 2024-02-20 18:47:18.438: 03: --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 18:47:18 +0300
    Tue 2024-02-20 18:47:18.438: 02: <-- 
    Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
    Tue 2024-02-20 18:47:18.438: 02: <-- ¿± W
    Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
    Tue 2024-02-20 18:47:18.438: 02: <-- À ÀÀ
    Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
    Tue 2024-02-20 18:47:18.438: 02: <-- Á
    Tue 2024-02-20 18:47:18.438: 01: Too many errors encountered
    Tue 2024-02-20 18:47:18.439: 04: SMTP session terminated (Bytes in/out: 211/156)


  • There is not a dedicated SSL port for MSA connections. When using the MSA port clients need to use STARTTLS.

    If you want to force clients to use STARTTLS check the box for SMTP server requires STARTTLS on MSA port, which can be found by going to Security / Security Manager / SSL & TLS / MDaemon.
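
Added example (not part of any post above and not MDaemon code): a small log classifier that separates the three session shapes seen in this thread: a STARTTLS upgrade, TLS negotiated before the banner on the SSL port, and a client whose first bytes are not an SMTP command, which is what a client set to "SSL\TLS" produces on a port that expects STARTTLS. The function name, verdict labels and the sample log (documentation IP addresses, lines condensed to the thread's layout) are assumptions made for illustration.

```python
import re

# Matches both log layouts shown in this thread: "... 05: msg" and "... [00031891] msg".
LINE = re.compile(r"^\w{3} \S+ \S+ (?:\d\d:|\[\d+\]) ?(.*)$")
ACCEPT = re.compile(r"Accepting SMTP connection from \S+ to \S+:(\d+)$")
SMTP_VERBS = {"EHLO", "HELO", "STARTTLS", "AUTH", "MAIL", "RCPT", "DATA",
              "RSET", "NOOP", "QUIT", "VRFY", "BDAT", "ETRN", "HELP"}

def classify_sessions(log_text):
    """Return [(port, verdict)] for each session in an MDaemon-style SMTP log."""
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        msg = m.group(1) if m else ""
        accept = ACCEPT.search(msg)
        if accept:
            cur = {"port": int(accept.group(1)), "verdict": "plaintext", "spoke": False}
            sessions.append(cur)
        elif cur is None:
            continue
        elif msg.startswith("SSL negotiation successful"):
            # TLS before the client sent any command: implicit TLS; otherwise an upgrade.
            cur["verdict"] = "starttls" if cur["spoke"] else "implicit-tls"
        elif msg.startswith("<--"):
            words = msg[3:].split()
            verb = words[0].upper() if words else ""
            if not cur["spoke"] and verb not in SMTP_VERBS:
                # Heuristic: the client opened with something other than SMTP,
                # typical of a client that starts a TLS handshake immediately.
                cur["verdict"] = "non-smtp-opening"
            cur["spoke"] = True
    return [(s["port"], s["verdict"]) for s in sessions]

# Constructed sample in the thread's log layout (addresses are documentation ranges).
SAMPLE = """\
Tue 2024-02-20 18:33:45.769: 05: Accepting SMTP connection from 198.51.100.7:60191 to 192.0.2.11:587
Tue 2024-02-20 18:33:45.810: 02: <-- EHLO NTB2
Tue 2024-02-20 18:33:45.816: 02: <-- STARTTLS
Tue 2024-02-20 18:33:45.839: 01: SSL negotiation successful (TLS 1.2)
Tue 2024-02-20 18:31:37.337: 05: Accepting SMTP connection from 198.51.100.7:59994 to 192.0.2.11:465
Tue 2024-02-20 18:31:37.345: 01: SSL negotiation successful (TLS 1.2)
Tue 2024-02-20 18:31:37.421: 02: <-- EHLO NTB2
Tue 2024-02-20 18:47:18.437: 05: Accepting SMTP connection from 198.51.100.7:61558 to 192.0.2.11:587
Tue 2024-02-20 18:47:18.438: 02: <--
Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
"""

if __name__ == "__main__":
    print(classify_sessions(SAMPLE))
```

A "non-smtp-opening" verdict on port 587 points at the client's encryption setting rather than at the server's TLS support.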

