Postfix + AUTH/TLS + Outlook/OE problem

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix + AUTH/TLS + Outlook/OE problem

Adrian Gonzalez-2

Hello

I'm seeing some very strange behavior with Outlook 2003 and Outlook Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and FreeBSD 6.1-STABLE

It seems like Outlook/OE don't like the SSL handshake for some reason.  They connect to the server, issue STARTTLS, and disconnect during the handshake, giving an "Error Number: 0x800CCC0B".  I've tried both STARTTLS and using 'wrapper
mode' on port 465 with the same results.  Other clients like Thunderbird are able to send just fine using the same server w/STARTTLS, so I'm assuming it's not a configuration/authentication issue.

I thought it could be related to the chained SSL certificate we're using (GoDaddy), but the results were the same with a self-signed cert.

I also tried updating OpenSSL to the latest 'stable' release (0.9.7j), same results.

I've been banging my head against the wall with this one, and I'm running out of options, so I thought I'd ask in here and see if this has happened to anybody else.

To make matters even stranger, in Outlook Express, when you create the message and click send, you get the error message and the email stays in the outbox.  After that if you do a Send/Receive, OE is able to negotiate TLS properly and sends
the message just fine.

Any ideas welcome...

-Adrian

p.s. Here's the output generated by postfix using the self-signed cert and Outlook 2003 as the client (smtpd_tls_loglevel = 3)

Aug 17 13:59:50 cube postfix/smtpd[70309]: connect from unknown[xx.xx.xx.xx]
Aug 17 13:59:50 cube postfix/smtpd[70309]: setting up TLS connection from unknown[xx.xx.xx.xx]
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:before/accept initialization
Aug 17 13:59:50 cube postfix/smtpd[70309]: read from 080A2C40 [080CE000] (11 bytes => -1 (0xFFFFFFFF))
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:error in SSLv2/v3 read client hello A
Aug 17 13:59:50 cube postfix/smtpd[70309]: read from 080A2C40 [080CE000] (11 bytes => 11 (0xB))
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0000 16 03 01 00 61 01 00 00|5d 03 01                 ....a... ]..
Aug 17 13:59:50 cube postfix/smtpd[70309]: read from 080A2C40 [080CE00B] (91 bytes => -1 (0xFFFFFFFF))
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:error in SSLv3 read client hello B
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:error in SSLv3 read client hello B
Aug 17 13:59:50 cube postfix/smtpd[70309]: read from 080A2C40 [080CE00B] (91 bytes => 91 (0x5B))
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0000 44 e4 bc 7c a8 1d f1 52|3f 89 d0 b7 5d 86 5c 14  D..|...R ?...].\.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0010 4a 4f 34 7e e5 4a 6c 14|3f 6d d0 c9 00 03 77 aa  JO4~.Jl. ?m....w.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0020 20 6c 33 a0 d8 cd 48 0e|68 ba df c8 8f be 0c 2f   l3...H. h....../
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0030 49 e2 48 98 9d 5f 35 29|ba 05 5b 50 05 59 a5 8a  I.H.._5) ..[P.Y..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0040 08 00 16 00 04 00 05 00|0a 00 09 00 64 00 62 00  ........ ....d.b.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0050 03 00 06 00 13 00 12 00|63 01                    ........ c.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 005a - <SPACES/NULLS>
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:SSLv3 read client hello B
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:SSLv3 write server hello A
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:SSLv3 write certificate A
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:SSLv3 write server done A
Aug 17 13:59:50 cube postfix/smtpd[70309]: write to 080A2C40 [080D7000] (957 bytes => 957 (0x3BD))
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0000 16 03 01 00 2a 02 00 00|26 03 01 44 e4 bc a6 49  ....*... &..D...I
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0010 4a 1a 5d b1 25 7d bb 4b|0c ae c7 59 d2 3f 1f 80  J.].%}.K ...Y.?..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0020 52 63 19 72 2a 9a df 8c|a2 13 10 00 00 04 00 16  Rc.r*... ........
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0030 03 01 03 80 0b 00 03 7c|00 03 79 00 03 76 30 82  .......| ..y..v0.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0040 03 72 30 82 02 db a0 03|02 01 02 02 09 00 d0 12  .r0..... ........
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0050 84 7d fd fc 68 f8 30 0d|06 09 2a 86 48 86 f7 0d  .}..h.0. ..*.H...
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0060 01 01 04 05 00 30 81 83|31 0b 30 09 06 03 55 04  .....0.. 1.0...U.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0070 06 13 02 55 53 31 0e 30|0c 06 03 55 04 08 13 05  ...US1.0 ...U....
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0080 54 65 78 61 73 31 0f 30|0d 06 03 55 04 07 13 06  Texas1.0 ...U....
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0090 4c 61 72 65 64 6f 31 15|30 13 06 03 55 04 0a 13  Laredo1. 0...U...
Aug 17 13:59:50 cube postfix/smtpd[70309]: 00a0 0c 47 6c 6f 62 61 6c 20|50 43 4e 65 74 31 1a 30  .Global  PCNet1.0
Aug 17 13:59:50 cube postfix/smtpd[70309]: 00b0 18 06 03 55 04 03 13 11|63 75 62 65 2e 67 6c 6f  ...U.... cube.glo
Aug 17 13:59:50 cube postfix/smtpd[70309]: 00c0 62 61 6c 70 63 2e 6e 65|74 31 20 30 1e 06 09 2a  balpc.ne t1 0...*
Aug 17 13:59:50 cube postfix/smtpd[70309]: 00d0 86 48 86 f7 0d 01 09 01|16 11 69 6e 66 6f 40 67  .H...... ..info@g
Aug 17 13:59:50 cube postfix/smtpd[70309]: 00e0 6c 6f 62 61 6c 70 63 2e|6e 65 74 30 1e 17 0d 30  lobalpc. net0...0
Aug 17 13:59:50 cube postfix/smtpd[70309]: 00f0 36 30 38 31 37 31 36 32|37 35 39 5a 17 0d 31 36  60817162 759Z..16
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0100 30 38 31 34 31 36 32 37|35 39 5a 30 81 83 31 0b  08141627 59Z0..1.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0110 30 09 06 03 55 04 06 13|02 55 53 31 0e 30 0c 06  0...U... .US1.0..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0120 03 55 04 08 13 05 54 65|78 61 73 31 0f 30 0d 06  .U....Te xas1.0..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0130 03 55 04 07 13 06 4c 61|72 65 64 6f 31 15 30 13  .U....La redo1.0.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0140 06 03 55 04 0a 13 0c 47|6c 6f 62 61 6c 20 50 43  ..U....G lobal PC
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0150 4e 65 74 31 1a 30 18 06|03 55 04 03 13 11 63 75  Net1.0.. .U....cu
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0160 62 65 2e 67 6c 6f 62 61|6c 70 63 2e 6e 65 74 31  be.globa lpc.net1
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0170 20 30 1e 06 09 2a 86 48|86 f7 0d 01 09 01 16 11   0...*.H ........
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0180 69 6e 66 6f 40 67 6c 6f|62 61 6c 70 63 2e 6e 65  info@glo balpc.ne
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0190 74 30 81 9f 30 0d 06 09|2a 86 48 86 f7 0d 01 01  t0..0... *.H.....
Aug 17 13:59:50 cube postfix/smtpd[70309]: 01a0 01 05 00 03 81 8d 00 30|81 89 02 81 81 00 c8 6f  .......0 .......o
Aug 17 13:59:50 cube postfix/smtpd[70309]: 01b0 7e 75 72 4c 2b 63 f3 47|f9 85 e3 de 86 29 a9 92  ~urL+c.G .....)..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 01c0 9b 95 c4 5b ec 2b fe d7|41 71 2f d8 c2 99 7d 56  ...[.+.. Aq/...}V
Aug 17 13:59:50 cube postfix/smtpd[70309]: 01d0 c8 8f e4 ff 11 02 90 76|3c f2 b2 87 90 d0 1a f2  .......v <.......
Aug 17 13:59:50 cube postfix/smtpd[70309]: 01e0 cf f0 f7 c4 fc f5 4b 26|86 94 d7 8a 4d f2 4b 96  ......K& ....M.K.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 01f0 8a 7b 31 21 c2 31 de d1|2b 4e 3e 66 4a b2 e9 ff  .{1!.1.. +N>fJ...
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0200 3e 8d 99 d7 3d 57 9a b8|3e e8 98 64 20 5e 29 90  >...=W.. >..d ^).
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0210 6b f7 13 1e 9c 58 b4 cf|50 36 c8 b4 2e 79 15 9c  k....X.. P6...y..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0220 6b ba 39 30 12 c3 fe 80|c5 9e 2c b2 ff 37 02 03  k.90.... ..,..7..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0230 01 00 01 a3 81 eb 30 81|e8 30 1d 06 03 55 1d 0e  ......0. .0...U..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0240 04 16 04 14 4f 13 d7 ee|c1 d0 1b 1d 1b 58 d9 5d  ....O... .....X.]
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0250 a9 4f 8e c3 d0 6a 7b ca|30 81 b8 06 03 55 1d 23  .O...j{. 0....U.#
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0260 04 81 b0 30 81 ad 80 14|4f 13 d7 ee c1 d0 1b 1d  ...0.... O.......
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0270 1b 58 d9 5d a9 4f 8e c3|d0 6a 7b ca a1 81 89 a4  .X.].O.. .j{.....
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0280 81 86 30 81 83 31 0b 30|09 06 03 55 04 06 13 02  ..0..1.0 ...U....
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0290 55 53 31 0e 30 0c 06 03|55 04 08 13 05 54 65 78  US1.0... U....Tex
Aug 17 13:59:50 cube postfix/smtpd[70309]: 02a0 61 73 31 0f 30 0d 06 03|55 04 07 13 06 4c 61 72  as1.0... U....Lar
Aug 17 13:59:50 cube postfix/smtpd[70309]: 02b0 65 64 6f 31 15 30 13 06|03 55 04 0a 13 0c 47 6c  edo1.0.. .U....Gl
Aug 17 13:59:50 cube postfix/smtpd[70309]: 02c0 6f 62 61 6c 20 50 43 4e|65 74 31 1a 30 18 06 03  obal PCN et1.0...
Aug 17 13:59:50 cube postfix/smtpd[70309]: 02d0 55 04 03 13 11 63 75 62|65 2e 67 6c 6f 62 61 6c  U....cub e.global
Aug 17 13:59:50 cube postfix/smtpd[70309]: 02e0 70 63 2e 6e 65 74 31 20|30 1e 06 09 2a 86 48 86  pc.net1  0...*.H.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 02f0 f7 0d 01 09 01 16 11 69|6e 66 6f 40 67 6c 6f 62  .......i nfo@glob
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0300 61 6c 70 63 2e 6e 65 74|82 09 00 d0 12 84 7d fd  alpc.net ......}.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0310 fc 68 f8 30 0c 06 03 55|1d 13 04 05 30 03 01 01  .h.0...U ....0...
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0320 ff 30 0d 06 09 2a 86 48|86 f7 0d 01 01 04 05 00  .0...*.H ........
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0330 03 81 81 00 91 b9 2d cf|33 b3 5d 17 af 03 1c fd  ......-. 3.].....
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0340 bd cd 6a a1 3c b1 89 34|d6 84 bd 24 cb 1f d7 e4  ..j.<..4 ...$....
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0350 3b ef 82 ec 25 b0 3d cf|a0 d7 ac bf 37 79 cf c3  ;...%.=. ....7y..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0360 64 43 c8 71 bf 5f 35 9a|6c 64 63 e9 43 99 42 d1  dC.q._5. ldc.C.B.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0370 dc 7f 2b 2e 03 40 f7 58|9c 3d d7 57 d8 d8 0d 02  ..+..@.X .=.W....
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0380 9f 0c b1 00 9b 37 12 a8|dd 88 97 29 a7 08 1f b6  .....7.. ...)....
Aug 17 13:59:50 cube postfix/smtpd[70309]: 0390 f4 b7 e4 cf 97 3b c8 8c|42 e8 ed 4b 34 9a 3e aa  .....;.. B..K4.>.
Aug 17 13:59:50 cube postfix/smtpd[70309]: 03a0 f6 f7 ef 19 96 91 f7 87|41 03 ad 97 62 b5 a6 96  ........ A...b...
Aug 17 13:59:50 cube postfix/smtpd[70309]: 03b0 d9 fa 76 06 16 03 01 00|04 0e                    ..v..... ..
Aug 17 13:59:50 cube postfix/smtpd[70309]: 03ba - <SPACES/NULLS>
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:SSLv3 flush data
Aug 17 13:59:50 cube postfix/smtpd[70309]: read from 080A2C40 [080CE000] (5 bytes => -1 (0xFFFFFFFF))
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept:error in SSLv3 read client certificate A
Aug 17 13:59:50 cube postfix/smtpd[70309]: SSL_accept error from unknown[xx.xx.xx.xx]: -1
Aug 17 13:59:50 cube postfix/smtpd[70309]: lost connection after STARTTLS from unknown[xx.xx.xx.xx]
Aug 17 13:59:50 cube postfix/smtpd[70309]: disconnect from unknown[xx.xx.xx.xx]


Here's the output of an successful handshake with Thunderbird, same server, same cert:

Aug 17 15:10:57 cube postfix/smtpd[70628]: initializing the server-side TLS engine
Aug 17 15:10:57 cube postfix/smtpd[70628]: connect from unknown[xx.xx.xx.xx]
Aug 17 15:10:57 cube postfix/smtpd[70628]: setting up TLS connection from unknown[xx.xx.xx.xx]
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:before/accept initialization
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC000] (11 bytes => -1 (0xFFFFFFFF))
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:error in SSLv2/v3 read client hello A
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC000] (11 bytes => 11 (0xB))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 16 03 01 00 53 01 00 00|4f 03 01                 ....S... O..
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC00B] (77 bytes => -1 (0xFFFFFFFF))
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:error in SSLv3 read client hello B
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:error in SSLv3 read client hello B
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC00B] (77 bytes => 77 (0x4D))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 00 09 50 45 87 f0 4d 15|9b ae 4b d2 80 86 c2 d3  ..PE..M. ..K.....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0010 c3 87 49 d1 9e c9 f9 d3|56 7d fd 2f ad 77 63 3d  ..I..... V}./.wc=
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0020 00 00 28 00 39 00 38 00|35 00 33 00 32 00 04 00  ..(.9.8. 5.3.2...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0030 05 00 2f 00 16 00 13 fe|ff 00 0a 00 15 00 12 fe  ../..... ........
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0040 fe 00 09 00 64 00 62 00|03 00 06 01              ....d.b. ....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 004c - <SPACES/NULLS>
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 read client hello B
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 write server hello A
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 write certificate A
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 write key exchange A
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 write server done A
Aug 17 15:10:57 cube postfix/smtpd[70628]: write to 080A2D00 [080B7000] (1359 bytes => 1359 (0x54F))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 16 03 01 00 2a 02 00 00|26 03 01 44 e4 cd 51 2f  ....*... &..D..Q/
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0010 e5 99 d2 23 bb 45 54 47|6e 5e 59 ec 6f 2c 6a 76  ...#.ETG n^Y.o,jv
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0020 3c 55 36 e7 af ee 92 80|3d 51 7d 00 00 39 00 16  <U6..... =Q}..9..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0030 03 01 03 80 0b 00 03 7c|00 03 79 00 03 76 30 82  .......| ..y..v0.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0040 03 72 30 82 02 db a0 03|02 01 02 02 09 00 d0 12  .r0..... ........
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0050 84 7d fd fc 68 f8 30 0d|06 09 2a 86 48 86 f7 0d  .}..h.0. ..*.H...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0060 01 01 04 05 00 30 81 83|31 0b 30 09 06 03 55 04  .....0.. 1.0...U.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0070 06 13 02 55 53 31 0e 30|0c 06 03 55 04 08 13 05  ...US1.0 ...U....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0080 54 65 78 61 73 31 0f 30|0d 06 03 55 04 07 13 06  Texas1.0 ...U....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0090 4c 61 72 65 64 6f 31 15|30 13 06 03 55 04 0a 13  Laredo1. 0...U...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 00a0 0c 47 6c 6f 62 61 6c 20|50 43 4e 65 74 31 1a 30  .Global  PCNet1.0
Aug 17 15:10:57 cube postfix/smtpd[70628]: 00b0 18 06 03 55 04 03 13 11|63 75 62 65 2e 67 6c 6f  ...U.... cube.glo
Aug 17 15:10:57 cube postfix/smtpd[70628]: 00c0 62 61 6c 70 63 2e 6e 65|74 31 20 30 1e 06 09 2a  balpc.ne t1 0...*
Aug 17 15:10:57 cube postfix/smtpd[70628]: 00d0 86 48 86 f7 0d 01 09 01|16 11 69 6e 66 6f 40 67  .H...... ..info@g
Aug 17 15:10:57 cube postfix/smtpd[70628]: 00e0 6c 6f 62 61 6c 70 63 2e|6e 65 74 30 1e 17 0d 30  lobalpc. net0...0
Aug 17 15:10:57 cube postfix/smtpd[70628]: 00f0 36 30 38 31 37 31 36 32|37 35 39 5a 17 0d 31 36  60817162 759Z..16
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0100 30 38 31 34 31 36 32 37|35 39 5a 30 81 83 31 0b  08141627 59Z0..1.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0110 30 09 06 03 55 04 06 13|02 55 53 31 0e 30 0c 06  0...U... .US1.0..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0120 03 55 04 08 13 05 54 65|78 61 73 31 0f 30 0d 06  .U....Te xas1.0..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0130 03 55 04 07 13 06 4c 61|72 65 64 6f 31 15 30 13  .U....La redo1.0.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0140 06 03 55 04 0a 13 0c 47|6c 6f 62 61 6c 20 50 43  ..U....G lobal PC
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0150 4e 65 74 31 1a 30 18 06|03 55 04 03 13 11 63 75  Net1.0.. .U....cu
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0160 62 65 2e 67 6c 6f 62 61|6c 70 63 2e 6e 65 74 31  be.globa lpc.net1
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0170 20 30 1e 06 09 2a 86 48|86 f7 0d 01 09 01 16 11   0...*.H ........
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0180 69 6e 66 6f 40 67 6c 6f|62 61 6c 70 63 2e 6e 65  info@glo balpc.ne
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0190 74 30 81 9f 30 0d 06 09|2a 86 48 86 f7 0d 01 01  t0..0... *.H.....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 01a0 01 05 00 03 81 8d 00 30|81 89 02 81 81 00 c8 6f  .......0 .......o
Aug 17 15:10:57 cube postfix/smtpd[70628]: 01b0 7e 75 72 4c 2b 63 f3 47|f9 85 e3 de 86 29 a9 92  ~urL+c.G .....)..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 01c0 9b 95 c4 5b ec 2b fe d7|41 71 2f d8 c2 99 7d 56  ...[.+.. Aq/...}V
Aug 17 15:10:57 cube postfix/smtpd[70628]: 01d0 c8 8f e4 ff 11 02 90 76|3c f2 b2 87 90 d0 1a f2  .......v <.......
Aug 17 15:10:57 cube postfix/smtpd[70628]: 01e0 cf f0 f7 c4 fc f5 4b 26|86 94 d7 8a 4d f2 4b 96  ......K& ....M.K.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 01f0 8a 7b 31 21 c2 31 de d1|2b 4e 3e 66 4a b2 e9 ff  .{1!.1.. +N>fJ...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0200 3e 8d 99 d7 3d 57 9a b8|3e e8 98 64 20 5e 29 90  >...=W.. >..d ^).
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0210 6b f7 13 1e 9c 58 b4 cf|50 36 c8 b4 2e 79 15 9c  k....X.. P6...y..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0220 6b ba 39 30 12 c3 fe 80|c5 9e 2c b2 ff 37 02 03  k.90.... ..,..7..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0230 01 00 01 a3 81 eb 30 81|e8 30 1d 06 03 55 1d 0e  ......0. .0...U..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0240 04 16 04 14 4f 13 d7 ee|c1 d0 1b 1d 1b 58 d9 5d  ....O... .....X.]
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0250 a9 4f 8e c3 d0 6a 7b ca|30 81 b8 06 03 55 1d 23  .O...j{. 0....U.#
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0260 04 81 b0 30 81 ad 80 14|4f 13 d7 ee c1 d0 1b 1d  ...0.... O.......
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0270 1b 58 d9 5d a9 4f 8e c3|d0 6a 7b ca a1 81 89 a4  .X.].O.. .j{.....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0280 81 86 30 81 83 31 0b 30|09 06 03 55 04 06 13 02  ..0..1.0 ...U....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0290 55 53 31 0e 30 0c 06 03|55 04 08 13 05 54 65 78  US1.0... U....Tex
Aug 17 15:10:57 cube postfix/smtpd[70628]: 02a0 61 73 31 0f 30 0d 06 03|55 04 07 13 06 4c 61 72  as1.0... U....Lar
Aug 17 15:10:57 cube postfix/smtpd[70628]: 02b0 65 64 6f 31 15 30 13 06|03 55 04 0a 13 0c 47 6c  edo1.0.. .U....Gl
Aug 17 15:10:57 cube postfix/smtpd[70628]: 02c0 6f 62 61 6c 20 50 43 4e|65 74 31 1a 30 18 06 03  obal PCN et1.0...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 02d0 55 04 03 13 11 63 75 62|65 2e 67 6c 6f 62 61 6c  U....cub e.global
Aug 17 15:10:57 cube postfix/smtpd[70628]: 02e0 70 63 2e 6e 65 74 31 20|30 1e 06 09 2a 86 48 86  pc.net1  0...*.H.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 02f0 f7 0d 01 09 01 16 11 69|6e 66 6f 40 67 6c 6f 62  .......i nfo@glob
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0300 61 6c 70 63 2e 6e 65 74|82 09 00 d0 12 84 7d fd  alpc.net ......}.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0310 fc 68 f8 30 0c 06 03 55|1d 13 04 05 30 03 01 01  .h.0...U ....0...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0320 ff 30 0d 06 09 2a 86 48|86 f7 0d 01 01 04 05 00  .0...*.H ........
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0330 03 81 81 00 91 b9 2d cf|33 b3 5d 17 af 03 1c fd  ......-. 3.].....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0340 bd cd 6a a1 3c b1 89 34|d6 84 bd 24 cb 1f d7 e4  ..j.<..4 ...$....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0350 3b ef 82 ec 25 b0 3d cf|a0 d7 ac bf 37 79 cf c3  ;...%.=. ....7y..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0360 64 43 c8 71 bf 5f 35 9a|6c 64 63 e9 43 99 42 d1  dC.q._5. ldc.C.B.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0370 dc 7f 2b 2e 03 40 f7 58|9c 3d d7 57 d8 d8 0d 02  ..+..@.X .=.W....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0380 9f 0c b1 00 9b 37 12 a8|dd 88 97 29 a7 08 1f b6  .....7.. ...)....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0390 f4 b7 e4 cf 97 3b c8 8c|42 e8 ed 4b 34 9a 3e aa  .....;.. B..K4.>.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 03a0 f6 f7 ef 19 96 91 f7 87|41 03 ad 97 62 b5 a6 96  ........ A...b...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 03b0 d9 fa 76 06 16 03 01 01|8d 0c 00 01 89 00 80 b0  ..v..... ........
Aug 17 15:10:57 cube postfix/smtpd[70628]: 03c0 fe b4 cf d4 55 07 e7 cc|88 59 0d 17 26 c5 0c a5  ....U... .Y..&...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 03d0 4a 92 23 81 78 da 88 aa|4c 13 06 bf 5d 2f 9e bc  J.#.x... L...]/..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 03e0 96 b8 51 00 9d 0c 0d 75|ad fd 3b b1 7e 71 4f 3f  ..Q....u ..;.~qO?
Aug 17 15:10:57 cube postfix/smtpd[70628]: 03f0 91 54 14 44 b8 30 25 1c|eb df 72 9c 4c f1 89 0d  .T.D.0%. ..r.L...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0400 68 3f 94 8e a4 fb 76 89|18 b2 91 16 90 01 99 66  h?....v. .......f
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0410 8c 53 81 4e 27 3d 99 e7|5a 7a af d5 ec e2 7e fa  .S.N'=.. Zz....~.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0420 ed 01 18 c2 78 25 59 06|5c 39 f6 cd 49 54 af c1  ....x%Y. \9..IT..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0430 b1 ea 4a f9 53 d0 df 6d|af d4 93 e7 ba ae 9b 00  ..J.S..m ........
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0440 01 02 00 80 0b 39 55 0a|1d d0 5e ef ab fa b3 65  .....9U. ..^....e
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0450 f4 8b ec e3 e5 03 b9 d8|f1 35 4c f9 79 37 ef bc  ........ .5L.y7..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0460 16 9a d3 b0 8c f4 cd 82|c4 8f 29 70 02 f4 32 90  ........ ..)p..2.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0470 0c 88 ed 9d 3e 5c b6 3f|f8 bf 91 58 36 6c ae 1d  ....>\.? ...X6l..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0480 0f 4f 40 f6 d1 c7 42 c5|a0 51 c5 6e 24 08 45 b1  .O@...B. .Q.n$.E.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0490 98 f7 db 89 e0 28 ce 6b|45 5d 17 6d 37 0d 01 52  .....(.k E].m7..R
Aug 17 15:10:57 cube postfix/smtpd[70628]: 04a0 c6 06 53 9c 66 44 8e b9|02 48 43 07 59 be c4 66  ..S.fD.. .HC.Y..f
Aug 17 15:10:57 cube postfix/smtpd[70628]: 04b0 b7 80 0c 8f d4 f5 64 67|a2 40 2f c6 83 29 f5 79  ......dg .@/..).y
Aug 17 15:10:57 cube postfix/smtpd[70628]: 04c0 66 5e b1 f9 00 80 08 34|f7 9f ec 21 b3 72 51 f6  f^.....4 ...!.rQ.
Aug 17 15:10:57 cube postfix/smtpd[70628]: 04d0 54 ef 76 47 0c c7 fe 48|36 cf b1 0f 79 60 f2 91  T.vG...H 6...y`..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 04e0 cd f4 05 67 b6 f0 72 1f|ee 05 0d 3e f9 02 86 5c  ...g..r. ...>...\
Aug 17 15:10:57 cube postfix/smtpd[70628]: 04f0 17 82 95 41 77 d7 34 78|5a 24 24 45 d1 79 15 13  ...Aw.4x Z$$E.y..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0500 fb 75 c7 e9 e0 03 48 77|30 2b f1 39 15 64 f8 b6  .u....Hw 0+.9.d..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0510 92 76 b8 32 6e 2b 65 6a|f6 bc e7 ba 72 f2 b0 c1  .v.2n+ej ....r...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0520 38 26 dd aa 7e b5 27 0e|11 89 3c 95 3b 35 e9 a7  8&..~.'. ..<.;5..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0530 c2 b4 6c ed 00 e7 8b 94|30 ac 0a 2f 52 59 bb e1  ..l..... 0../RY..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0540 58 35 bf 34 07 b4 16 03|01 00 04 0e              X5.4.... ....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 054c - <SPACES/NULLS>
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 flush data
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC000] (5 bytes => -1 (0xFFFFFFFF))
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:error in SSLv3 read client certificate A
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC000] (5 bytes => 5 (0x5))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 16 03 01 00 86                                   .....
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC005] (134 bytes => -1 (0xFFFFFFFF))
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:error in SSLv3 read client certificate A
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC005] (134 bytes => 134 (0x86))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 10 00 00 82 00 80 59 1d|ee af 39 68 d8 fe cc 57  ......Y. ..9h...W
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0010 c3 49 92 1e c8 f9 d9 ac|59 1c ab 89 b5 0f f8 7e  .I...... Y......~
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0020 22 d9 26 c8 16 db 3f af|f0 c0 d0 d1 7b 58 e7 af  ".&...?. ....{X..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0030 18 b4 5e c3 66 8a 23 d6|a0 17 9e a3 b7 a1 0f ed  ..^.f.#. ........
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0040 b9 6d 14 d6 2e d9 fc 74|86 b6 a5 83 f0 6e 6b 74  .m.....t .....nkt
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0050 17 5e 6f 39 09 eb 1a d5|d4 89 07 fd 95 30 6f 39  .^o9.... .....0o9
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0060 11 be c7 1e 23 69 31 e0|f4 e2 c6 94 cf b7 da b6  ....#i1. ........
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0070 e1 6e ec 30 10 f8 08 a4|44 e8 f7 6b 6e 4c b8 61  .n.0.... D..knL.a
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0080 f2 5a 40 04 d3 46                                .Z@..F
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 read client key exchange A
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC000] (5 bytes => -1 (0xFFFFFFFF))
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:error in SSLv3 read certificate verify A
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC000] (5 bytes => 5 (0x5))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 14 03 01 00 01                                   .....
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC005] (1 bytes => -1 (0xFFFFFFFF))
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:error in SSLv3 read certificate verify A
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC005] (1 bytes => 1 (0x1))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 01                                               .
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC000] (5 bytes => -1 (0xFFFFFFFF))
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:error in SSLv3 read certificate verify A
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC000] (5 bytes => 5 (0x5))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 16 03 01 00 30                                   ....0
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC005] (48 bytes => -1 (0xFFFFFFFF))
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:error in SSLv3 read certificate verify A
Aug 17 15:10:57 cube postfix/smtpd[70628]: read from 080A2D00 [080CC005] (48 bytes => 48 (0x30))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 18 ed 40 ce 69 10 57 c2|57 1e 5c 9b ac 2f 09 d2  ..@.i.W. W.\../..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0010 ae 53 69 da bf e7 a7 b0|76 bf 5b 26 00 93 bf 93  .Si..... v.[&....
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0020 21 5b 56 52 02 13 5a 0e|ba 76 6c e7 81 da 6e 41  ![VR..Z. .vl...nA
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 read finished A
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 write change cipher spec A
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 write finished A
Aug 17 15:10:57 cube postfix/smtpd[70628]: write to 080A2D00 [080B7000] (59 bytes => 59 (0x3B))
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0000 14 03 01 00 01 01 16 03|01 00 30 ce bd 50 2c 69  ........ ..0..P,i
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0010 b6 57 a3 2c 94 0f e9 9c|bb 0a aa db 1c 40 f4 04  .W.,.... .....@..
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0020 11 67 0a 22 12 01 58 e1|e7 31 2b 07 44 8e a8 a7  .g."..X. .1+.D...
Aug 17 15:10:57 cube postfix/smtpd[70628]: 0030 55 e0 01 63 80 ba 97 24|93 4f 63                 U..c...$ .Oc
Aug 17 15:10:57 cube postfix/smtpd[70628]: SSL_accept:SSLv3 flush data
Aug 17 15:10:57 cube postfix/smtpd[70628]: TLS connection established from unknown[xx.xx.xx.xx]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Postfix + AUTH/TLS + Outlook/OE problem

Darren Pilgrim-2
Adrian Gonzalez wrote:
 > Hello
 >
 > I'm seeing some very strange behavior with Outlook 2003 and Outlook
 > Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and
 > FreeBSD 6.1-STABLE
 >
 > It seems like Outlook/OE don't like the SSL handshake for some
 > reason.  They connect to the server, issue STARTTLS, and disconnect
 > during the handshake, giving an "Error Number: 0x800CCC0B".  I've
 > tried both STARTTLS and using 'wrapper mode' on port 465 with the
 > same results.

Which version of Outlook Express were you using?  Outlook Express 6
doesn't support STARTTLS, only wrapper-mode.  OE6 also also has a broken
SASL implementation (set broken_sasl_auth_clients=yes).  Yay for Microsoft!

Have you modified your cipher settings in postfix?  FYR, Outlook XP/2003
and Outlook Express 6 prefer 128-bit RC4-MD5 and do not support AES,
whereas Thunderbird supports and prefers AES256-SHA.

On my own mail server, I can send email using all four clients through
STARTTLS+SASL (Outlook and Thunderbird) or SMTPS+SASL (OE).  The server
is FreeBSD RELENG_6_1 with the stock OpenSSL and postfix 2.3.1 with
default tls_*_cipherlist settings.

Be happy to compare configs off-list, postconf -n and the like.

P.S. You may want to retry this question on postfix-users.  You'll have
better luck if you're willing to wade through the usual "ditch MS" rude
commentary.

P.P.S. Please configure your mail client to wrap lines.

--
Darren Pilgrim
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Postfix + AUTH/TLS + Outlook/OE problem

Brian Candler
In reply to this post by Adrian Gonzalez-2
On Thu, Aug 17, 2006 at 03:52:02PM -0500, Adrian Gonzalez wrote:

> I'm seeing some very strange behavior with Outlook 2003 and Outlook Express
> trying to send mail using TLS/SMTP Auth with Postfix 2.3 and FreeBSD
> 6.1-STABLE
>
> It seems like Outlook/OE don't like the SSL handshake for some reason.  
> They connect to the server, issue STARTTLS, and disconnect during the
> handshake, giving an "Error Number: 0x800CCC0B".  I've tried both STARTTLS
> and using 'wrapper mode' on port 465 with the same results.  Other clients
> like Thunderbird are able to send just fine using the same server
> w/STARTTLS, so I'm assuming it's not a configuration/authentication issue.
>
> I thought it could be related to the chained SSL certificate we're using
> (GoDaddy), but the results were the same with a self-signed cert.
>
> I also tried updating OpenSSL to the latest 'stable' release (0.9.7j), same
> results.
>
> I've been banging my head against the wall with this one

You don't seem to have considered the possibility that Microsoft software is
simply broken. When another client connects without any problem at all, this
would seem to be a pretty fair conclusion. You could always go and ask
Microsoft what "Error 0x800CCC0B" means though.

> To make matters even stranger, in Outlook Express, when you create the
> message and click send, you get the error message and the email stays in
> the outbox.  After that if you do a Send/Receive, OE is able to negotiate
> TLS properly and sends the message just fine.

So the client fails first time, and works correctly the second. Sounds like
a client bug to me.
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Postfix + AUTH/TLS + Outlook/OE problem

Adrian Gonzalez-2
In reply to this post by Darren Pilgrim-2

Hi Darren

Comments below...

Darren Pilgrim wrote:

> Adrian Gonzalez wrote:
>  > Hello
>  >
>  > I'm seeing some very strange behavior with Outlook 2003 and Outlook
>  > Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and
>  > FreeBSD 6.1-STABLE
>  >
>  > It seems like Outlook/OE don't like the SSL handshake for some
>  > reason.  They connect to the server, issue STARTTLS, and disconnect
>  > during the handshake, giving an "Error Number: 0x800CCC0B".  I've
>  > tried both STARTTLS and using 'wrapper mode' on port 465 with the
>  > same results.
>
> Which version of Outlook Express were you using?  Outlook Express 6
> doesn't support STARTTLS, only wrapper-mode.  OE6 also also has a broken
> SASL implementation (set broken_sasl_auth_clients=yes).  Yay for Microsoft!

Outlook Express 6 (6.00.2900.2180 according to the 'about' window).  Basically,
the one that comes with Windows XP Pro + All current updates/service packs.  It
does seem to be trying STARTTLS though.  I did have the broken_sasl_auth_clients
  option enabled, I believe it just causes postfix to 'advertise' AUTH in the
usual way along with outlook's broken way.

> Have you modified your cipher settings in postfix?  FYR, Outlook XP/2003
> and Outlook Express 6 prefer 128-bit RC4-MD5 and do not support AES,
> whereas Thunderbird supports and prefers AES256-SHA.

I suspect OE might not like what the server is offering, but I'm not qute sure
what to change.  The postfix manual strongly advises against excluding ciphers.
  Any suggestions?

> On my own mail server, I can send email using all four clients through
> STARTTLS+SASL (Outlook and Thunderbird) or SMTPS+SASL (OE).  The server
> is FreeBSD RELENG_6_1 with the stock OpenSSL and postfix 2.3.1 with
> default tls_*_cipherlist settings.

I'm using 2.3.0,1 with the updated stable OpenSSL.  I'll try updating my ports
tree and rebuilding the latest stable postfix and see what happens.

> Be happy to compare configs off-list, postconf -n and the like.

Thanks!

>
> P.S. You may want to retry this question on postfix-users.  You'll have
> better luck if you're willing to wade through the usual "ditch MS" rude
> commentary.
>

> P.P.S. Please configure your mail client to wrap lines.
I normally do, but the postfix logs looked really bad with wrapping :)
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Postfix + AUTH/TLS + Outlook/OE problem

Vlad GALU
On 8/19/06, Adrian Gonzalez <[hidden email]> wrote:

>
> Hi Darren
>
> Comments below...
>
> Darren Pilgrim wrote:
> > Adrian Gonzalez wrote:
> >  > Hello
> >  >
> >  > I'm seeing some very strange behavior with Outlook 2003 and Outlook
> >  > Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and
> >  > FreeBSD 6.1-STABLE
> >  >
> >  > It seems like Outlook/OE don't like the SSL handshake for some
> >  > reason.  They connect to the server, issue STARTTLS, and disconnect
> >  > during the handshake, giving an "Error Number: 0x800CCC0B".  I've
> >  > tried both STARTTLS and using 'wrapper mode' on port 465 with the
> >  > same results.
> >

   Don't you have any antiviral software running on the Win32 box by
any chance ? There are cases (such as with Avast) when the STARTTLS
doesn't succeed due to the software's connection monitoring module
refusing to let it pass due to encryption.


> > Which version of Outlook Express were you using?  Outlook Express 6
> > doesn't support STARTTLS, only wrapper-mode.  OE6 also also has a broken
> > SASL implementation (set broken_sasl_auth_clients=yes).  Yay for Microsoft!
>
> Outlook Express 6 (6.00.2900.2180 according to the 'about' window).  Basically,
> the one that comes with Windows XP Pro + All current updates/service packs.  It
> does seem to be trying STARTTLS though.  I did have the broken_sasl_auth_clients
>   option enabled, I believe it just causes postfix to 'advertise' AUTH in the
> usual way along with outlook's broken way.
>
> > Have you modified your cipher settings in postfix?  FYR, Outlook XP/2003
> > and Outlook Express 6 prefer 128-bit RC4-MD5 and do not support AES,
> > whereas Thunderbird supports and prefers AES256-SHA.
>
> I suspect OE might not like what the server is offering, but I'm not qute sure
> what to change.  The postfix manual strongly advises against excluding ciphers.
>   Any suggestions?
>
> > On my own mail server, I can send email using all four clients through
> > STARTTLS+SASL (Outlook and Thunderbird) or SMTPS+SASL (OE).  The server
> > is FreeBSD RELENG_6_1 with the stock OpenSSL and postfix 2.3.1 with
> > default tls_*_cipherlist settings.
>
> I'm using 2.3.0,1 with the updated stable OpenSSL.  I'll try updating my ports
> tree and rebuilding the latest stable postfix and see what happens.
>
> > Be happy to compare configs off-list, postconf -n and the like.
>
> Thanks!
>
> >
> > P.S. You may want to retry this question on postfix-users.  You'll have
> > better luck if you're willing to wade through the usual "ditch MS" rude
> > commentary.
> >
>
> > P.P.S. Please configure your mail client to wrap lines.
> I normally do, but the postfix logs looked really bad with wrapping :)
> _______________________________________________
> [hidden email] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "[hidden email]"
>


--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[hidden email]"