Standard User Andrue
(knowledge is power) Tue 29-Jan-13 10:19:10

EMail, TLS and the home user


 
I recently discovered that my home mail server can't start a TLS session with a remote server. From talking to support it seems likely that something is interfering with the STARTTLS command - probably a firewall. Does anyone have any experience of this?

It's a home installation and the only things I can think of that might interfere are:

Windows 7 firewall.
NetGear wnr1000 router.
Avast AV (although I think I disabled port 25 checking on that a long time ago).

I'd be a bit surprised (maybe even impressed) if any of those did application level checking but the Windows 7 firewall is pretty advanced.

FWIW this from the session log:

28/1/2013 20:09:10.115 - M00000005<220 smtp2.ch2m.co.uk ESMTP
28/1/2013 20:09:10.115 - M00000005>EHLO xxxx.xxxx.xxxx
28/1/2013 20:09:10.147 - M00000005<250-smtp2.ch2m.co.uk
28/1/2013 20:09:10.147 - M00000005<250-8BITMIME
28/1/2013 20:09:10.147 - M00000005<250-SIZE 31457280
28/1/2013 20:09:10.147 - M00000005<250 STARTTLS
28/1/2013 20:09:10.147 - M00000005>STARTTLS
28/1/2013 20:09:10.209 - M00000005<500 #5.5.1 command not recognized

---
Andrue Cope
Brackley, UK

Just because he could. RIP.
Standard User yarwell
(sensei) Tue 29-Jan-13 12:11:24

Re: EMail, TLS and the home user


[re: Andrue]
 
In reply to a post by Andrue:
28/1/2013 20:09:10.147 - M00000005>STARTTLS
28/1/2013 20:09:10.209 - M00000005<500 #5.5.1 command not recognized

While not familiar with the syntax, this suggests the command is received but not supported, or the format is wrong?

--

Phil

MaxDSL - goes as fast as it can and doesn't read the line checker first.

MaxDSL diagnostics
Standard User XRaySpeX
(eat-sleep-adslguide) Tue 29-Jan-13 12:18:52

Re: EMail, TLS and the home user


[re: yarwell]
 
In reply to a post by yarwell:
or the format is wrong?

5. The STARTTLS Command

The format for the STARTTLS command is:

STARTTLS

with no parameters.

The line above says it is available:

In reply to a post by Andrue:
28/1/2013 20:09:10.147 - M00000005<250 STARTTLS


1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC



Standard User yarwell
(sensei) Tue 29-Jan-13 12:27:25

Re: EMail, TLS and the home user


[re: XRaySpeX]
 
So is the server error referring to an (invisible) negotiation failing, or just generating an error in response to an apparently correct command?

--

Phil

MaxDSL - goes as fast as it can and doesn't read the line checker first.

MaxDSL diagnostics
Standard User Andrue
(knowledge is power) Tue 29-Jan-13 14:08:39

Re: EMail, TLS and the home user


[re: yarwell]
 
In reply to a post by yarwell:
So is the server error referring to an (invisible) negotiation failing, or just generating an error in response to an apparently correct command?

Good question. According to support (and some web sites) it's possible for a firewall to block STARTTLS in order to ensure they can continue monitoring SMTP traffic. So the suspicion is that something (firewall or Avast) sees the STARTTLS in the data stream and does something to break it.

At present I'm suspicious of Avast. I did disable some aspect of it a couple of years ago on the server in order to allow mail to work but it's possible that it's still monitoring the connection in some way. Maybe all I did was tell it to allow incoming traffic on 25. Perhaps I need to tell it to bog off completely. I have found a lot of comments on forums regarding Avast and TLS. It would make sense that if it's trying to scan mail for viruses and other nasties it might want to prevent my server creating an encrypted connection.

---
Andrue Cope
Brackley, UK

Just because he could. RIP.
Standard User Andrue
(knowledge is power) Tue 29-Jan-13 18:34:01

Re: EMail, TLS and the home user


[re: Andrue]
 
It was Avast. I'm not sure what I did disable all those months ago but the solution this time was to disable scanning of outbound mail.

---
Andrue Cope
Brackley, UK

Just because he could. RIP.
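
The check this thread arrived at by hand, as an added example that is not part of the original posts: a short Python parser for session logs in the format Andrue posted, flagging any session where STARTTLS was advertised in the EHLO reply and then rejected, the inconsistency that pointed at something in the path (here, Avast's outbound mail scanning). The meaning of `<` and `>` is assumed from the posted log; the first sample session is an abridged copy of it and the second is constructed.

```python
import re

# Log line layout: "<date> <time> - <session id><dir><SMTP text>".
# Assumed from the log on this page: '<' = received from the remote
# server, '>' = sent by the local mail server.
LINE = re.compile(r"^\S+ \S+ - (?P<sid>\w+)(?P<dir>[<>])(?P<text>.*)$")

def classify(s):
    if not s["sent"]:
        return "offered, not attempted" if s["advertised"] else "not offered"
    if s["reply"] is None:
        return "no reply"
    if s["reply"] == "220":
        return "accepted"
    prefix = "advertised but rejected" if s["advertised"] else "rejected"
    return "%s (%s)" % (prefix, s["reply"])

def starttls_outcomes(log_lines):
    """Map each session id in the log to its STARTTLS outcome."""
    state = {}
    for raw in log_lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        s = state.setdefault(
            m["sid"], {"advertised": False, "sent": False, "reply": None})
        text = m["text"].strip()
        if m["dir"] == ">":
            s["sent"] = s["sent"] or text.upper() == "STARTTLS"
        elif s["sent"] and s["reply"] is None:
            s["reply"] = text[:3]  # status code of the first reply to STARTTLS
        elif re.match(r"250[- ]STARTTLS$", text, re.I):
            s["advertised"] = True
    return {sid: classify(s) for sid, s in state.items()}

# First session: abridged from the log in this thread. Second: constructed.
SAMPLE = """\
28/1/2013 20:09:10.115 - M00000005<220 smtp2.ch2m.co.uk ESMTP
28/1/2013 20:09:10.115 - M00000005>EHLO xxxx.xxxx.xxxx
28/1/2013 20:09:10.147 - M00000005<250-smtp2.ch2m.co.uk
28/1/2013 20:09:10.147 - M00000005<250 STARTTLS
28/1/2013 20:09:10.147 - M00000005>STARTTLS
28/1/2013 20:09:10.209 - M00000005<500 #5.5.1 command not recognized
1/2/2013 09:00:00.000 - M00000006<250 STARTTLS
1/2/2013 09:00:00.010 - M00000006>STARTTLS
1/2/2013 09:00:00.050 - M00000006<220 Ready to start TLS
""".splitlines()

if __name__ == "__main__":
    for sid, outcome in starttls_outcomes(SAMPLE).items():
        print(sid, outcome)
```

A session reported as "advertised but rejected" is worth comparing against a capture taken on the far side of any local mail scanner or firewall, since the remote server itself offered the extension.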