MSA over SSL\TLS not supported?
-
When using SMTP on port 25 I can use SSL\TLS.
But if I use MSA port 587, it does not work.
Tue 2024-02-20 18:47:18.437: 05: Accepting SMTP connection from XXX.XXX.XXX.XX:61558 to 192.168.17.11:587
Tue 2024-02-20 18:47:18.438: 03: --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 18:47:18 +0300
Tue 2024-02-20 18:47:18.438: 02: <--
Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
Tue 2024-02-20 18:47:18.438: 02: <-- ¿± W
Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
Tue 2024-02-20 18:47:18.438: 02: <-- À ÀÀ
Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
Tue 2024-02-20 18:47:18.438: 02: <-- Á
Tue 2024-02-20 18:47:18.438: 01: Too many errors encountered
Tue 2024-02-20 18:47:18.439: 04: SMTP session terminated (Bytes in/out: 211/156)
UP: MDaemon PRO v21.0.6
-
Arron Staff
Can you post a log snippet that shows an email client connecting to the MSA port and trying to use SSL\TLS? The snippet provided only shows a connection being accepted with invalid commands being sent. In order to see if SSL\TLS is supported, the client needs to send an EHLO command and then the server will respond with a list of valid commands. If STARTTLS is in the list, then TLS is supported.
It should look something like the following:
Tue 2024-02-20 10:06:32.260: [00031891] Session 00031891; child 0001
Tue 2024-02-20 10:06:32.260: [00031891] Accepting SMTP connection from 127.0.0.1:59693 to 127.0.0.1:587
Tue 2024-02-20 10:06:32.263: [00031891] --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 10:06:32 -0600
Tue 2024-02-20 10:06:34.956: [00031891] <-- ehlo test.com
Tue 2024-02-20 10:06:34.956: [00031891] --> 250-mail.arron.altn.com Hello test.com [127.0.0.1], pleased to meet you
Tue 2024-02-20 10:06:34.956: [00031891] --> 250-AUTH LOGIN PLAIN
Tue 2024-02-20 10:06:34.956: [00031891] --> 250-8BITMIME
Tue 2024-02-20 10:06:34.956: [00031891] --> 250-ENHANCEDSTATUSCODES
Tue 2024-02-20 10:06:34.956: [00031891] --> 250-PIPELINING
Tue 2024-02-20 10:06:34.956: [00031891] --> 250-CHUNKING
Tue 2024-02-20 10:06:34.956: [00031891] --> 250-STARTTLS
Tue 2024-02-20 10:06:34.956: [00031891] --> 250 SIZE
The client should then send a STARTTLS command so the client and server can negotiate the SSL settings.
-
When I use STARTTLS everything works; the question is about SSL\TLS.
STARTTLS on MSA (works):
Tue 2024-02-20 18:33:45.769: 05: Session 09760303; child 0026
Tue 2024-02-20 18:33:45.769: 05: Accepting SMTP connection from XX.XXX.XXX.XXX:60191 to 192.168.17.11:587
Tue 2024-02-20 18:33:45.770: 03: --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 18:33:45 +0300
Tue 2024-02-20 18:33:45.810: 02: <-- EHLO NTB2
Tue 2024-02-20 18:33:45.810: 03: --> 250-mail.domain.com Hello NTB2 [XX.XXX.XXX.XXX], pleased to meet you
Tue 2024-02-20 18:33:45.810: 03: --> 250-8BITMIME
Tue 2024-02-20 18:33:45.810: 03: --> 250-ENHANCEDSTATUSCODES
Tue 2024-02-20 18:33:45.810: 03: --> 250-STARTTLS
Tue 2024-02-20 18:33:45.810: 03: --> 250 SIZE
Tue 2024-02-20 18:33:45.816: 02: <-- STARTTLS
Tue 2024-02-20 18:33:45.816: 03: --> 220 2.7.0 Ready to start TLS
Tue 2024-02-20 18:33:45.839: 01: SSL negotiation successful (TLS 1.2, 384 bit key exchange, 256 bit AES encryption)
Tue 2024-02-20 18:33:45.890: 02: <-- EHLO NTB2
Tue 2024-02-20 18:33:45.890: 03: --> 250-mail.domain.com Hello NTB2 [XX.XXX.XXX.XXX], pleased to meet you
Tue 2024-02-20 18:33:45.890: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Tue 2024-02-20 18:33:45.890: 03: --> 250-8BITMIME
Tue 2024-02-20 18:33:45.890: 03: --> 250-ENHANCEDSTATUSCODES
Tue 2024-02-20 18:33:45.890: 03: --> 250-REQUIRETLS
Tue 2024-02-20 18:33:45.890: 03: --> 250 SIZE
Tue 2024-02-20 18:33:45.895: 02: <-- AUTH LOGIN
Tue 2024-02-20 18:33:45.895: 03: --> 334 VXNlcm5hbWU6
Tue 2024-02-20 18:33:45.901: 02: <-- bnN1a2hub0BnaXN3LnJ1
Tue 2024-02-20 18:33:45.901: 03: --> 334 UGFzc3dvcmQ6
Tue 2024-02-20 18:33:45.906: 02: <-- ******
Tue 2024-02-20 18:33:45.906: 01: Authenticating user@domain.com...
Tue 2024-02-20 18:33:45.908: 01: Authenticated as user@domain.com
Tue 2024-02-20 18:33:45.908: 03: --> 235 2.7.0 Authentication successful
Tue 2024-02-20 18:33:45.941: 02: <-- MAIL FROM: <user@domain.com>
Tue 2024-02-20 18:33:45.942: 01: user@domain.com is an alias for user@domain.com
Tue 2024-02-20 18:33:45.942: 03: --> 250 2.1.0 Sender OK
Tue 2024-02-20 18:33:45.956: 02: <-- RCPT TO: <user@domain.com>
Tue 2024-02-20 18:33:45.956: 01: user@domain.com is an alias for user@domain.com
Tue 2024-02-20 18:33:45.957: 03: --> 250 2.1.5 Recipient OK
Tue 2024-02-20 18:33:45.962: 02: <-- DATA
Tue 2024-02-20 18:33:45.963: 03: --> 354 Enter mail, end with .
Tue 2024-02-20 18:33:46.015: 01: Message size: 1307 bytes
Tue 2024-02-20 18:33:46.035: 01: Message creation successful: m:\temp\mdaemon\inbound\md5001000543481.msg
Tue 2024-02-20 18:33:46.035: 03: --> 250 2.6.0 Ok, message saved
Tue 2024-02-20 18:33:46.035: 05: Connection closed
Tue 2024-02-20 18:33:46.036: 01: SMTP session successful (Bytes in/out: 1981/972)
Tue 2024-02-20 18:33:46.039: 01: ----------
SSL\TLS on SMTP (works):
Tue 2024-02-20 18:31:37.337: 05: Session 09760244; child 0307
Tue 2024-02-20 18:31:37.337: 05: Accepting SMTP connection from XX.XXX.XXX.XXX:59994 to 192.168.17.11:465
Tue 2024-02-20 18:31:37.345: 01: SSL negotiation successful (TLS 1.2, 384 bit key exchange, 256 bit AES encryption)
Tue 2024-02-20 18:31:37.346: 03: --> 220 mail.domain.com ESMTP Tue, 20 Feb 2024 18:31:37 +0300
Tue 2024-02-20 18:31:37.421: 02: <-- EHLO NTB2
Tue 2024-02-20 18:31:37.422: 03: --> 250-mail.domain.com Hello NTB2 [XX.XXX.XXX.XXX], pleased to meet you
Tue 2024-02-20 18:31:37.422: 03: --> 250-ETRN
Tue 2024-02-20 18:31:37.422: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Tue 2024-02-20 18:31:37.422: 03: --> 250-8BITMIME
Tue 2024-02-20 18:31:37.422: 03: --> 250-ENHANCEDSTATUSCODES
Tue 2024-02-20 18:31:37.422: 03: --> 250-REQUIRETLS
Tue 2024-02-20 18:31:37.422: 03: --> 250 SIZE
Tue 2024-02-20 18:31:37.429: 02: <-- AUTH LOGIN
Tue 2024-02-20 18:31:37.430: 03: --> 334 VXNlcm5hbWU6
Tue 2024-02-20 18:31:37.441: 02: <-- bnN1a2hub0BnaXN3LnJ1
Tue 2024-02-20 18:31:37.441: 03: --> 334 UGFzc3dvcmQ6
Tue 2024-02-20 18:31:37.454: 02: <-- ******
Tue 2024-02-20 18:31:37.454: 01: Authenticating user@domain.com...
Tue 2024-02-20 18:31:37.456: 01: Authenticated as user@domain.com
Tue 2024-02-20 18:31:37.456: 03: --> 235 2.7.0 Authentication successful
Tue 2024-02-20 18:31:37.519: 02: <-- MAIL FROM: <user@domain.com>
Tue 2024-02-20 18:31:37.519: 01: user@domain.com is an alias for user@domain.com
Tue 2024-02-20 18:31:37.520: 03: --> 250 2.1.0 Sender OK
Tue 2024-02-20 18:31:37.527: 02: <-- RCPT TO: <user@domain.com>
Tue 2024-02-20 18:31:37.527: 01: user@domain.com is an alias for user@domain.com
Tue 2024-02-20 18:31:37.528: 03: --> 250 2.1.5 Recipient OK
Tue 2024-02-20 18:31:37.535: 02: <-- DATA
Tue 2024-02-20 18:31:37.535: 03: --> 354 Enter mail, end with .
Tue 2024-02-20 18:31:37.603: 01: Message size: 1307 bytes
Tue 2024-02-20 18:31:37.618: 01: Message creation successful: m:\temp\mdaemon\inbound\md5001000543478.msg
Tue 2024-02-20 18:31:37.618: 03: --> 250 2.6.0 Ok, message saved
Tue 2024-02-20 18:31:37.618: 05: Connection closed
Tue 2024-02-20 18:31:37.619: 01: SMTP session successful (Bytes in/out: 1960/848)
Tue 2024-02-20 18:31:37.621: 01: ----------
SSL\TLS on MSA (does not work):
Tue 2024-02-20 18:47:18.437: 05: Accepting SMTP connection from XXX.XXX.XXX.XX:61558 to 192.168.17.11:587
Tue 2024-02-20 18:47:18.438: 03: --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 18:47:18 +0300
Tue 2024-02-20 18:47:18.438: 02: <--
Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
Tue 2024-02-20 18:47:18.438: 02: <-- ¿± W
Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
Tue 2024-02-20 18:47:18.438: 02: <-- À ÀÀ
Tue 2024-02-20 18:47:18.438: 03: --> 500 5.0.0 Unrecognized command
Tue 2024-02-20 18:47:18.438: 02: <-- Á
Tue 2024-02-20 18:47:18.438: 01: Too many errors encountered
Tue 2024-02-20 18:47:18.439: 04: SMTP session terminated (Bytes in/out: 211/156)
-
Arron Staff
There is not a dedicated SSL port for MSA connections. When using the MSA port clients need to use STARTTLS.
If you want to force clients to use STARTTLS, check the box for "SMTP server requires STARTTLS on MSA port", which can be found by going to Security / Security Manager / SSL & TLS / MDaemon.
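The three sessions posted in this thread differ in where the TLS handshake sits relative to the 220 greeting: before it on port 465, after a STARTTLS command on port 587, and as unreadable bytes when a client starts TLS immediately on the plaintext MSA port. As an added example (not from the original posts and not MDaemon code), this Python sketch classifies a logged session on that basis; the function name, the result labels and the shortened sample logs with a single shared timestamp are assumptions made for illustration.

```python
import re

# MDaemon-style log line: "<day> <date> <time>: <NN:|[session]> <text>"
LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d [\d:.]+: (?:\d\d:|\[\d+\]) ?(.*)$")

def classify_session(log_text):
    """Classify one logged SMTP session by how TLS was (or was not) set up."""
    banner = hello = False
    junk = rejects = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        text = m.group(1)
        if text.startswith("SSL negotiation successful"):
            # Handshake logged before any 220 greeting: the port wraps SMTP in TLS.
            return "starttls" if banner else "implicit-tls"
        if text.startswith("--> 220 "):
            banner = True
        elif text.startswith("--> 500 "):
            rejects += 1
        elif text.startswith("<--"):
            cmd = text[3:].strip()
            if cmd.split(" ")[0].upper() in ("EHLO", "HELO"):
                hello = True
            elif cmd == "" or not cmd.isascii() or not cmd.isprintable():
                junk += 1  # binary data where an SMTP verb was expected
    if junk and rejects and not hello:
        return "tls-sent-to-plaintext-port"
    return "plaintext"

# Sample sessions shortened from the logs posted in this thread (one shared timestamp).
P = "Tue 2024-02-20 18:47:18.438: "
MSA_IMPLICIT_ATTEMPT = "\n".join([
    P + "03: --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 18:47:18 +0300",
    P + "02: <--",
    P + "03: --> 500 5.0.0 Unrecognized command",
    P + "02: <-- \u00bf\u00b1 W",
    P + "03: --> 500 5.0.0 Unrecognized command"])
MSA_STARTTLS = "\n".join([
    P + "03: --> 220 mail.domain.com ESMTP MSA Tue, 20 Feb 2024 18:33:45 +0300",
    P + "02: <-- EHLO NTB2",
    P + "03: --> 250-STARTTLS",
    P + "02: <-- STARTTLS",
    P + "03: --> 220 2.7.0 Ready to start TLS",
    P + "01: SSL negotiation successful (TLS 1.2, 384 bit key exchange, 256 bit AES encryption)"])
PORT_465 = "\n".join([
    P + "01: SSL negotiation successful (TLS 1.2, 384 bit key exchange, 256 bit AES encryption)",
    P + "03: --> 220 mail.domain.com ESMTP Tue, 20 Feb 2024 18:31:37 +0300"])
```

A session classified as `tls-sent-to-plaintext-port` points at a client configured for SSL\TLS on a port that only offers STARTTLS, which is the mismatch described in the final answer.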