Thread: Outlook 2003 ignores [E]SMTP welcome banner and refused to send mail. (Receiving works fine through POP)
View Single Post
  #1  
Old November 7th 09, 04:09 AM posted to microsoft.public.outlook,microsoft.public.outlook.general,microsoft.public.outlook.installation,microsoft.public.outlook.interop
Chris Miller[_2_]
external usenet poster
  
Posts: 14
Default Outlook 2003 ignores [E]SMTP welcome banner and refused to send mail. (Receiving works fine through POP)
I'm running Outlook 2003 (SP3). Outlook is not recognizing the SMTP
greeting from the mail server and as a result terminates the connection
without doing anything. I have tried all combinations of:
PORT: 25, 587
AUTHENTICATION: Required, Optional (Plain Text, NTLM, GSSAPI)
ENCRYPTION: Required, Optional (TLS - Self-signed Certificates)

None work. I would expect I should be able to at LEAST get port 25, no
authentication, no encryption to work, but no dice.

I have reviewed the interaction between Outlook 2003 and the mail
server with a packet sniffer and it is clear that the server issues a
220 greeting message and Outlook 2003 summarily "RST"s the connection.
Now, that's just anti-social.

Disab;e your firewall and try again.

My first reaction was that this is clearly not the problem because the
same client machine worked on other servers. But then I considered that
the other servers may not be requiring an encrypted channel or
authentication, so I thought I should give it a try, and I have learned
that the firewall on the client machine is clearly PART of the problem.
I shut it down completly and things started working better.

For example one improvement is that I can see in the log that Outlook
2003 first tries to establish an encrypted chanel but is unable to do so
(SSL_error=5), so he falls back to an unencrypted channel. Then he trys
to authenticate against "250 - AUTH ANONYMOUS DIGEST-MD5 NTLM PLAIN
CRAM-MD5 KERBEROS_V4 LOGIN GSSAPO" and in unable to do so ut just
patiently waits.

So, now I have three much smaller problems -- 1) establishing the
encrypted channel 2) Authenticating and 3) puncturing the firewall in
precisely the correct place to permit this interaction.

1) Encrypted Channel: The server is offering 250 - STARTTLS and Outlook
2003 has a checkbox "This server requires an encrypted connection (SSL)"
We all know that SSLV3 is approximately TLSV1 but "approximately" in the
encryption world in never close enough. Can Outlook 2003 participate in
TLS? If so, what do I need to do to make this work?

.... still waiting to hear about this. It remains the only outstanding
problem. Please note the exercpts from the smtp server log at the end of
this post.


2) Authentication: What authentication scheme does Outlook 2003 want to
use? As you can see I have a huge number to offer but let's focus on one
and make it work. :-)

Outlook 2003 FIRST tries "NTLM" as the authentication mechanism and then
falls back to "LOGIN"


3) Firewall: What ports do I want to open to make Outlook 2003 happy?

Port TCP:113 A.K.A "AUTH" in /etc/services


Chris.


Please notice that Outlook asks to STARTTLS and the server indicates
readiness to do so but indicates a failure to accept what ever encryption
credentials are presented.

sendmail[1700]: nA73ZVwO001700: -- STARTTLS
sendmail[1700]: nA73ZVwO001700: --- 220 2.0.0 Ready to start TLS
sendmail[1700]: STARTTLS=server, info: fds=9/3, err=5
sendmail[1700]: STARTTLS=server, error: accept failed=0, SSL_error=5,
errno=0, retry=-1
sendmail[1700]: nA73ZVwO001700: 10.1.2.129 did not issue MAIL/EXPN/VRFY/ETRN
during connection to MSA
Ads