SMTP with TLS on port 587


  • SMTP with TLS on port 587

    Dear All,
    I have a little problem with my email setup. I have to use an external SMTP server from my company to send emails. It was working OK, but it suddenly stopped after they made some changes on the SMTP server side. The advice I am getting is to connect to the SMTP server on port 587 and have my mail client initiate STARTTLS. When I set it up like this in Thunderbird it works fine. However, in OX, when I set the port to 587 it automatically reverts to SSL, which the SMTP server does not support. I read in another post that when using port 25, OX will start TLS automatically when it detects support for it on the SMTP server side. However, how can I deactivate SSL and turn on TLS on port 587?

    PS: I have two mail accounts, one is localhost through ox and one more external imap account with the external smtp as I explained above.

    Here is a piece of my log from when I try to connect on port 587:

    13-Feb-2011 14:42:19 com.openexchange.ajax.Mail action
    SEVERE: MSG-1030 Category=3 Message=Wrong or missing login data to access mail transport server xxx.xxx.xxx.xxx. Error message from mail transport server: failed to connect exceptionID=-396147876-47159
    MSG-1030 Category=3 Message=Wrong or missing login data to access mail transport server xxx.xxx.xxx.xxx. Error message from mail transport server: failed to connect exceptionID=-396147876-47159
    at com.openexchange.smtp.SMTPTransport.sendMailMessage(SMTPTransport.java:549)
    at com.openexchange.mail.transport.MailTransport.sendMailMessage(MailTransport.java:155)
    at com.openexchange.mail.MailServletInterfaceImpl.sendMessage(MailServletInterfaceImpl.java:1890)
    at com.openexchange.ajax.Mail.action(Mail.java:4191)
    at com.openexchange.ajax.AJAXServlet.fireUploadEvent(AJAXServlet.java:788)
    at com.openexchange.ajax.Mail.doPost(Mail.java:4063)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:616)
    at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:392)
    at com.openexchange.ajax.SessionServlet.service(SessionServlet.java:182)
    at com.openexchange.ajax.PermissionServlet.service(PermissionServlet.java:66)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    at com.openexchange.ajp13.najp.AJPv13RequestHandlerImpl.doServletService(AJPv13RequestHandlerImpl.java:504)
    at com.openexchange.ajp13.AJPv13Request.response(AJPv13Request.java:129)
    at com.openexchange.ajp13.najp.AJPv13RequestHandlerImpl.createResponse(AJPv13RequestHandlerImpl.java:316)
    at com.openexchange.ajp13.najp.AJPv13ConnectionImpl.createResponse(AJPv13ConnectionImpl.java:207)
    at com.openexchange.ajp13.najp.AJPv13Task.call(AJPv13Task.java:346)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:738)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:764)
    at java.lang.Thread.run(Thread.java:662)
    Caused by: javax.mail.AuthenticationFailedException: failed to connect
    at javax.mail.Service.connect(Service.java:322)
    at com.openexchange.smtp.SMTPTransport.sendMailMessage(SMTPTransport.java:544)
    ... 20 more

  • #2
    Hi,

    Port 587/tcp is specified for Message Submission (RFC4409). SMTP with STARTTLS is used on Port 25/tcp exclusively and is the current standard for secure mail transfer. STARTTLS via Port 587 is non-standard usage. However, you might check if the SMTP Server announces STARTTLS capability in response to a HELO command.

    Greetings
    Last edited by Martin Heiland; 02-13-2011, 11:07 PM.



    • #3
      Nevertheless, RFC 4409 explicitly allows STARTTLS extension.
      Please file a bug report, if Open-Xchange does not support that.
      This memo splits message submission from message relay, allowing each service to operate according to its own rules (for security, policy, etc.), and specifies what actions are to be taken by a submission server. Message relay and final delivery are unaffected, and continue to use SMTP over port 25. When conforming to this document, message submission uses the protocol specified here, normally over port 587. This separation of function offers a number of benefits, including the ability to apply specific security or policy requirements. [STANDARDS-TRACK]



      • #4
        Martin, Carsten, thank you for your replies. The external SMTP server works with STARTTLS on port 587. How can I check or set OX to accept TLS on that port? As I said, when used with Thunderbird, it works flawlessly. Cheers,



        • #5
          Hi,

          perhaps Thunderbird just does trial and error. You could check for STARTTLS capability on Port 587 like this:

          Code:
          [mbraun@mbraun ~]$ telnet xxx.open-xchange.com 587
          Trying xxx.xxx.xxx.xxx...
          Connected to xxx.open-xchange.com.
          Escape character is '^]'.
          220 xxx.open-xchange.com ESMTP Postfix
          EHLO mbraun
          250-xxx.open-xchange.com
          250-PIPELINING
          250-SIZE 100971520
          250-VRFY
          250-ETRN
          250-STARTTLS
          250-AUTH LOGIN PLAIN
          250-AUTH=LOGIN PLAIN
          250-ENHANCEDSTATUSCODES
          250-8BITMIME
          250 DSN
          If your server also announces STARTTLS support, a bug report would be the way to go.

          Thanks!



          • #6
            Yes, as Martin states, the SMTP server listening on port 587 MUST of course announce that it supports STARTTLS!



            • #7
              Martin and Carsten,

              Thanks for the reply. I tested the server before and it does announce starttls. Here is the log:

              MacBook-2:~ bs$ telnet xxx.xxx.xxx.xxx 587
              Trying xxx.xxx.xxx.xxx...
              Connected to xxx.xxx.xxx.xxx.
              Escape character is '^]'.
              220 xxx.xxx.xxx.xxx 4.73 Wed, 16 Feb 2011 23:08:08 +0000
              EHLO xxx
              250-xxx.xxx.xxx.xxx Hello xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx]
              250-SIZE 52428800
              250-PIPELINING
              250-AUTH PLAIN LOGIN
              250-STARTTLS
              250 HELP


              Would that be a bug in OX then?

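The capability check that posts #5 and #7 do by hand over telnet, as an added example that is not part of the thread and not Open-Xchange code. The function names `parse_ehlo`, `pre_tls_findings` and `check_live` are hypothetical; the sample reply is the one quoted in post #7.

```python
import smtplib
import ssl

# Function names are illustrative, not Open-Xchange APIs.
# EHLO reply from post #7 of this thread (addresses already redacted as xxx).
SAMPLE_EHLO = (
    "250-xxx.xxx.xxx.xxx Hello xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx]\r\n"
    "250-SIZE 52428800\r\n250-PIPELINING\r\n250-AUTH PLAIN LOGIN\r\n"
    "250-STARTTLS\r\n250 HELP\r\n"
)

def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a multi-line 250 EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    exts = {}
    for i, ln in enumerate(lines):
        sep = " " if i == len(lines) - 1 else "-"   # only the last line uses "250 "
        if ln[:3] != "250" or ln[3:4] != sep:
            raise ValueError("malformed EHLO line: %r" % ln)
        rest = ln[4:]
        if rest.upper().startswith("AUTH="):        # legacy form seen in post #5
            rest = "AUTH " + rest[5:]
        words = rest.upper().split()
        if i > 0 and words:                         # line 0 is the greeting
            exts.setdefault(words[0], set()).update(words[1:])
    return exts

def pre_tls_findings(exts):
    """What a pre-TLS capability list means for a submission client."""
    if "STARTTLS" not in exts:
        return ["STARTTLS not announced: session cannot be upgraded"]
    cleartext = sorted(exts.get("AUTH", set()) & {"PLAIN", "LOGIN"})
    if cleartext:
        return ["AUTH %s offered before TLS: upgrade with STARTTLS before "
                "authenticating" % "/".join(cleartext)]
    return []

def check_live(host, port=587, timeout=10):
    """Same check against a real server, upgrading with certificate validation."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            return False
        s.starttls(context=ssl.create_default_context())
        s.ehlo()                                    # capabilities must be re-read after TLS
        return True
```

`check_live` needs network access to the mail server; the two parsing functions work on a pasted transcript alone.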


              • #8
                Yes, this is clearly a bug.



                • #9
                  Hello Carsten,

                  What do I do then? I am a mere user and do not know how to submit a bug :-)

                  Regards



                  • #10
                    Just visit https://bugs.open-xchange.com/ and there you can create an account. Once you've done that, you're able to submit a bug.
