[7.504] Testing port 465 for SMTP SSL [Solved]

Hello,

I'm trying to test port 465 for SMTP SSL for the SMTP Proxy on the ASG 7.504.

First off, port 25 works.  I can:
telnet 10.1.5.2 25

Trying 10.1.5.2...
Connected to asg3773.toronto.interfast.ca (10.1.5.2).
Escape character is '^]'.
220 asg3773.toronto.interfast.ca ESMTP ready.
ehlo testing
250-asg3773.toronto.interfast.ca Hello c3430.interfast.ca [10.1.8.166]
250-SIZE 20971520
250-PIPELINING
250-STARTTLS
250 HELP
quit
221 asg3773.toronto.interfast.ca closing connection
Connection closed by foreign host.


And I can:
openssl s_client -starttls smtp -crlf -connect 10.1.5.2:25

CONNECTED(00000003)
depth=0 /C=DE/ST=BW/L=Karlsruhe/O=Astaro AG/OU=Mail Gateway/CN=asg.local/emailAddress=info@astaro.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=DE/ST=BW/L=Karlsruhe/O=Astaro AG/OU=Mail Gateway/CN=asg.local/emailAddress=info@astaro.com
verify return:1
---
Certificate chain
 0 s:/C=DE/ST=BW/L=Karlsruhe/O=Astaro AG/OU=Mail Gateway/CN=asg.local/emailAddress=info@astaro.com
   i:/C=DE/ST=BW/L=Karlsruhe/O=Astaro AG/OU=Mail Gateway/CN=asg.local/emailAddress=info@astaro.com
---
Server certificate
subject=/C=DE/ST=BW/L=Karlsruhe/O=Astaro AG/OU=Mail Gateway/CN=asg.local/emailAddress=info@astaro.com
issuer=/C=DE/ST=BW/L=Karlsruhe/O=Astaro AG/OU=Mail Gateway/CN=asg.local/emailAddress=info@astaro.com
---
No client certificate CA names sent
---
SSL handshake has read 1274 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 58F5F2367A198A1F2E09DDEBE508E0F5B597D396FF7995CDB7F88106816E1F1E
    Session-ID-ctx: 
    Master-Key: FE4177A432909CCF9EC71A3FFB3AB67063383ED2607A88891907256A2E500F03D30C496C869DBC124C6FD93375233B64
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1269371509
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 HELP
ehlo testing
250-asg3773.toronto.interfast.ca Hello c3430.interfast.ca [10.1.8.166]
250-SIZE 20971520
250-PIPELINING
250 HELP
quit
221 asg3773.toronto.interfast.ca closing connection
closed


But when I try 465, I get no response:
telnet 10.1.5.2 465

Trying 10.1.5.2...
Connected to asg3773.toronto.interfast.ca (10.1.5.2).
Escape character is '^]'.
ehlo testing
Connection closed by foreign host.


And with openssl:
openssl s_client -starttls smtp -crlf -connect 10.1.5.2:465

CONNECTED(00000003)
ehlo testing
{waits long time}


I can see the 465 connections in the live log:
2010:03:23-15:14:56 asg3773 exim[27500]: 2010-03-23 15:14:56 SMTP connection from [10.1.8.166]:49317 (TCP/IP connection count = 1)

2010:03:23-15:15:03 asg3773 exim[30467]: 2010-03-23 15:15:03 TLS error on connection from c3430.interfast.ca [10.1.8.166]:49317 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010:03:23-15:15:13 asg3773 exim[27500]: 2010-03-23 15:15:13 SMTP connection from [10.1.8.166]:49318 (TCP/IP connection count = 1)
2010:03:23-15:17:28 asg3773 exim[30667]: 2010-03-23 15:17:28 TLS error on connection from c3430.interfast.ca [10.1.8.166]:49318 (SSL_accept): error:00000000:lib(0):func(0):reason(0)


Is this telling me that SMTP SSL on port 465 isn't working?  Or am I testing this wrong?

Thanks,

Brian

*Edit: I re-read Testing SMTP AUTH connections and used the proper openssl s_client command and it works.
openssl s_client -crlf -connect 10.1.5.2:465
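
An added example, not part of the original post: port 465 expects the TLS handshake as soon as the TCP connection opens, so a client that speaks plaintext SMTP first (telnet, or `s_client -starttls smtp`) leaves the two signatures seen in the exim live log above. This sketch pairs each `SMTP connection` line with its later `TLS error` line and labels the likely cause; the cause labels and the reading of `error:00000000` as "no handshake data arrived" are assumptions made for this example.

```python
import re
from datetime import datetime

# The four exim lines from the post above (telnet, then s_client -starttls, on 465).
SAMPLE_LOG = """\
2010:03:23-15:14:56 asg3773 exim[27500]: 2010-03-23 15:14:56 SMTP connection from [10.1.8.166]:49317 (TCP/IP connection count = 1)
2010:03:23-15:15:03 asg3773 exim[30467]: 2010-03-23 15:15:03 TLS error on connection from c3430.interfast.ca [10.1.8.166]:49317 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2010:03:23-15:15:13 asg3773 exim[27500]: 2010-03-23 15:15:13 SMTP connection from [10.1.8.166]:49318 (TCP/IP connection count = 1)
2010:03:23-15:17:28 asg3773 exim[30667]: 2010-03-23 15:17:28 TLS error on connection from c3430.interfast.ca [10.1.8.166]:49318 (SSL_accept): error:00000000:lib(0):func(0):reason(0)
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
PEER = r"\[([\d.]+)\]:(\d+)"
CONN = re.compile(TS + r" SMTP connection from " + PEER)
TLS_ERR = re.compile(TS + r" TLS error on connection from .*?" + PEER + r" \(SSL_accept\): (.*)$")


def _when(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")


def classify(error_text):
    """Map an SSL_accept error string to a likely cause (labels are hypothetical)."""
    if "unknown protocol" in error_text:
        # The first bytes received were not a TLS ClientHello, e.g. a typed "ehlo".
        return "plaintext-sent-to-tls-port"
    if error_text.startswith("error:00000000"):
        # OpenSSL queued no error: assumed here to mean the client never sent
        # a ClientHello and the accept ended on close or timeout.
        return "no-handshake-data"
    return "other-tls-failure"


def diagnose(log_text):
    """Pair each TLS error with its connection line by client IP and source port."""
    opened, findings = {}, []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if m:
            opened[(m[2], m[3])] = _when(m[1])
            continue
        m = TLS_ERR.search(line)
        if m:
            start = opened.pop((m[2], m[3]), None)
            waited = int((_when(m[1]) - start).total_seconds()) if start else None
            findings.append({"peer": f"{m[2]}:{m[3]}", "waited_s": waited, "cause": classify(m[4])})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```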

