Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Outlook Connector problems with SSL
  •  
pholcomb

Messages: 15
Karma: 0
Send a private message to this user
I'm am new to Kerio Mail Server and am having some problems getting the Outlook connector to work with SSL (everhting else seems to work quite well -- including Webmail and unsecure smtp). In particular, when sending e-mail from outlook via secure SMTP I get, after a wait of a minute or so, an error message from outlook saying that it cannot connect to the kerio smtp server, and all outbox mail stays in the outbox). I know the server is working because I can connect to kerio's secure smtp via outlook express (although every time I start outlook express it complains about Kerio's security certificate CN name not matching the passed value). I ahve install kerio's certificate via IE Explorer 7 (and Webmail). Can anyone help with this problem?

Thanks
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Outlook is using SMTP with STARTTLS extension which works over standard port 25 (not SMTPS). Please make sure that SMTP port is accessible on the server.
  •  
pholcomb

Messages: 15
Karma: 0
Send a private message to this user
Yes, port 25 is enabled, and if I set Outlook to run without ssl, then mail does go out. However, when I select the ssl checkbox in the Outlook connector settings dialog box, Outlook automatically changes the IMAP port to 993 (the default secure port) and the HTTPS port to 443, but it leaves the smtp port at 25 (the insecure default). The documentation clearly states that it you choose ssl that all ports have to be mapped to secure servers (which is 465 for SMTPS). Regardless, leaving the ssl defaults as selected by outlook (993, 443 and 25) I can still not send e-mail. Outlook express on the other hand can use either the secure (993 and 465) or the insecure ports and they both seem to work. Am I missing something about how smtp ssl works?
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
The following document may help you to understand:

http://xml.resource.org/public/rfc/html/rfc2487.html

'Secure SMTP' is now done using TLS over port 25. For all intensive purposes, SSL SMTP over port 465 is obsolete. (It is not technically obsolete, but secure SMTP traffic should be done using TLS whenever possible).

When servers transfer mail between each other, they use port 25, and most of the time they use TLS SMTP over port 25; they do not use SSL SMTP over port 465. This is why you are still able to securely receive mail without having to open port 465 on your firewall.

It helps if you break your notion of port 25 being 'insecure' and port 465 being 'secure'. I know this seems unusual, which makes it difficult to understand.

As far as not being able to send mail when using port 25 in KOC, my guess is there is a content filter along the way that is not allowing those TCP packets to pass through because the content filter can not scan them (content filters can not scan secure traffic, and some choose to block that traffic).

My recommendation would be to submit a support ticket if you need some help configuring your server and KOC to send mail.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
Previous Topic: Sort by last name
Next Topic: Mail bounces: 'sending to a non-local e-mail address'
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 03:38:02 CET 2017

Total time taken to generate the page: 0.00427 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.