Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » TLS encrypted messaging
  •  
paduser

Messages: 10
Karma: -1
Send a private message to this user
Hey guys

I tried to send an e-mail to a server that only accepts TLS encryption. Not SSL. I'm getting the following error in my logs.

"Cannot establish SSL session on SMTP server mail.server.org: 220 2.0.0 Ready to start TLS"

and this error as answer mail

"(mail.serber.org: 530 5.7.0 Must issue a STARTTLS command first)"

How do I fix that. Use SSL/TLS if supported by remote SMTP server is enabled in settings

thanks
  •  
Pavel Dobry (Kerio)

Messages: 5228
Karma: 251
Send a private message to this user
STARTTLS is used automatically whenever it is possible. If you have a suspicion that receiving server has problems establishing TLS connection you can verify it for example with OpenSSL s_client tool.
  •  
sfhn

Messages: 67
Karma: 2
Send a private message to this user
same here:

I'm trying to send a mail to a server which allows only TLS... and it doesn't work:

[25391] {smtpc} Sending email to SMTP server mail.sempertv.de, delivering mail from <s------<_at_>-------n.org>
[25391] {smtpc} Connecting to server mail.sempertv.de (87.230.26.176:25) using local interface 0.0.0.0 ...
[25391] {smtpc} Connected to SMTP server mail.sempertv.de
[25391] {smtpc} Received greeting: 220 sv-linux ESMTP Postfix (Ubuntu)
[25391] {smtpc} Sending EHLO
[25391] {smtpc} Switching connection to TLS
[25391] {smtpc} Cannot establish SSL session on SMTP server mail.sempertv.de: 220 2.0.0 Ready to start TLS
[25391] {smtpc} Trying to establish a non-secure connection to server mail.sempertv.de.
[25391] {smtpc} Received greeting: 220 sv-linux ESMTP Postfix (Ubuntu)
[25391] {smtpc} Sending EHLO
[25391] {smtpc} Sent MAIL command
[25391] {smtpc} Got reply: 530 5.7.0 Must issue a STARTTLS command first
[25391] {smtpc} Sender <s------<_at_>------n.org> not accepted: 530 5.7.0 Must issue a STARTTLS command first
[25391] {smtpc} QUIT sent, got reply: 221 2.0.0 Bye
[25391] {smtpc} Delivery to other mx servers was skipped.
  •  
Pavel Dobry (Kerio)

Messages: 5228
Karma: 251
Send a private message to this user
paduser wrote on Thu, 10 March 2016 21:23
Hey guys

I tried to send an e-mail to a server that only accepts TLS encryption. Not SSL. I'm getting the following error in my logs.

"Cannot establish SSL session on SMTP server mail.server.org: 220 2.0.0 Ready to start TLS"

and this error as answer mail

"(mail.serber.org: 530 5.7.0 Must issue a STARTTLS command first)"

How do I fix that. Use SSL/TLS if supported by remote SMTP server is enabled in settings

thanks


There are few weird things about that server. I would say "incompatibilities".

1. It supports only TLS 1.2 therefore other clients using TLS 1.0 or 1.1 can't connect.
2. It uses self-signed server SSL certificate issued for "/CN=localhost.localdomain".

Combination of these three things makes the server quite incompatible with the rest of the word.

Kerio Connect by default uses TLS 1.1 for outgoing SMTP client connections. It can be changed in ClientTlsProtocols value (http://kb.kerio.com/1753). However, we know that some servers in the Internet would fail to do a proper TLS 1.2 negotiation and in such case the email delivery can fail.

[Updated on: Tue, 12 April 2016 17:29]

  •  
Lukas Petrlik (Kerio)

Messages: 117
Karma: 7
Send a private message to this user
sfhn wrote on Tue, 05 April 2016 10:21
[25391] {smtpc} Cannot establish SSL session on SMTP server mail.sempertv.de
Which version of Connect do you use? Do you have any custom settings in the "Security" table in mailserver.cfg? Don't you happen to have a firewall that inspects encrypted communication?

EDIT: I overlooked Pavel Dobry's response, and he is right. Smile

[Updated on: Tue, 05 April 2016 16:07]

Previous Topic: CardDAV for contact folders other than "My Contacts"
Next Topic: Outlook Connector from 8.5.x under 9.x?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon May 01 08:16:52 CEST 2017

Total time taken to generate the page: 0.01170 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.