Outlook 2003 fails to use SSL

[Richard Stevenson]

Hi all

I'm running a Sendmail server, with both smtps and STARTTLS enabled
(smtps on port 465, STARTTLS on both 25 and 587). This works fine
with other mail clients, and with some versions of Outlook. I've got
a new guy here whose mail I have to configure, and he's using
"Microsoft Office Outlook 2003 (11.5608.5606)". When trying to send
mail, he gets this error:

error (0x800CCC7D): 'Your outgoing (SMTP) server does not support
SSL-secured connections. If SSL-secured connections have worked in
the past, contact your server administrator or Internet service
provider (ISP).'

Enabling debugging on the server clearly shows that STARTTLS is both
enabled *and offered* to the client (I apologise for the long lines):

Mar 22 12:26:29 foo sm-mta[97772]: NOQUEUE: connect from
client.internal [192.168.1.109]
Mar 22 12:26:29 foo sm-mta[97772]: AUTH warning: no mechanisms
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 220
foo.internal ESMTP Sendmail 8.12.11/8.12.11; Mon, 22 Mar 2004 1
2:26:29 +1200 (NZST)
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: <-- EHLO NONSENSE
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: ---
250-foo.internal Hello client.internal [192.168.1.109], pleased to
meet you
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: ---
250-ENHANCEDSTATUSCODES
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-PIPELINING
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-8BITMIME
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-SIZE
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-DSN
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-ETRN
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-STARTTLS
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-DELIVERBY
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250 HELP
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: <-- QUIT
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 221 2.0.0
foo.internal closing connection
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: client.internal
[192.168.1.109] did not issue MAIL/EXPN/VRFY/ETRN during connection to
MTA


Seems to me this is a bug in this build of Outlook 2003, and it's a
major issue. Any ideas/fixes, other than using another mail client or
buying a license for an older version of Outlook? There don't seem to
be any updates listed at the OfficeUpdate site.

Regards

Richard

 

[Jeff Stephenson [MSFT]]

On which port is he trying to connect? Outlook 2003 (and 2002, post SP-1,
for that matter) will initially attempt STARTTLS on port 25 and SSL on any
other port. If that fails, it will fallback to the alternative. Could you
turn on diagnostic logging (see
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300479) and post
the OPMLog.log file (preferably as an attachment) after this fails for the
user?

--
Jeff Stephenson
Outlook Development
This posting is provided "AS IS" with no warranties, and confers no rights

Hi all

I'm running a Sendmail server, with both smtps and STARTTLS enabled
(smtps on port 465, STARTTLS on both 25 and 587). This works fine
with other mail clients, and with some versions of Outlook. I've got
a new guy here whose mail I have to configure, and he's using
"Microsoft Office Outlook 2003 (11.5608.5606)". When trying to send
mail, he gets this error:

error (0x800CCC7D): 'Your outgoing (SMTP) server does not support
SSL-secured connections. If SSL-secured connections have worked in
the past, contact your server administrator or Internet service
provider (ISP).'

Enabling debugging on the server clearly shows that STARTTLS is both
enabled *and offered* to the client (I apologise for the long lines):

Mar 22 12:26:29 foo sm-mta[97772]: NOQUEUE: connect from
client.internal [192.168.1.109]
Mar 22 12:26:29 foo sm-mta[97772]: AUTH warning: no mechanisms
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 220
foo.internal ESMTP Sendmail 8.12.11/8.12.11; Mon, 22 Mar 2004 1
2:26:29 +1200 (NZST)
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: <-- EHLO NONSENSE
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: ---
250-foo.internal Hello client.internal [192.168.1.109], pleased to
meet you
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: ---
250-ENHANCEDSTATUSCODES
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-PIPELINING
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-8BITMIME
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-SIZE
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-DSN
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-ETRN
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-STARTTLS
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-DELIVERBY
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250 HELP
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: <-- QUIT
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 221 2.0.0
foo.internal closing connection
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: client.internal
[192.168.1.109] did not issue MAIL/EXPN/VRFY/ETRN during connection to
MTA


Seems to me this is a bug in this build of Outlook 2003, and it's a
major issue. Any ideas/fixes, other than using another mail client or
buying a license for an older version of Outlook? There don't seem to
be any updates listed at the OfficeUpdate site.

Regards

Richard

 

[Richard Stevenson]

On which port is he trying to connect? Outlook 2003 (and 2002, post SP-1,
for that matter) will initially attempt STARTTLS on port 25 and SSL on any
other port. If that fails, it will fallback to the alternative. Could you
turn on diagnostic logging (see
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300479) and post
the OPMLog.log file (preferably as an attachment) after this fails for the
user?

Hi Jeff

I've tried 25 and 587 (supporting STARTTLS), and 465 (using smtps), all
with no success. The log I posted originally was for port 25. I'll get
my hands on that system again tomorrow, so I'll get the debug log from the
Outlook end for you.

One interesting point: we use imaps here, and that works just fine.

Thanks for your reply.

Regards

Richard

Hi all

I'm running a Sendmail server, with both smtps and STARTTLS enabled
(smtps on port 465, STARTTLS on both 25 and 587). This works fine
with other mail clients, and with some versions of Outlook. I've got
a new guy here whose mail I have to configure, and he's using
"Microsoft Office Outlook 2003 (11.5608.5606)". When trying to send
mail, he gets this error:

error (0x800CCC7D): 'Your outgoing (SMTP) server does not support
SSL-secured connections. If SSL-secured connections have worked in
the past, contact your server administrator or Internet service
provider (ISP).'

Enabling debugging on the server clearly shows that STARTTLS is both
enabled *and offered* to the client (I apologise for the long lines):

Mar 22 12:26:29 foo sm-mta[97772]: NOQUEUE: connect from
client.internal [192.168.1.109]
Mar 22 12:26:29 foo sm-mta[97772]: AUTH warning: no mechanisms
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 220
foo.internal ESMTP Sendmail 8.12.11/8.12.11; Mon, 22 Mar 2004 1
2:26:29 +1200 (NZST)
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: <-- EHLO NONSENSE
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: ---
250-foo.internal Hello client.internal [192.168.1.109], pleased to
meet you
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: ---
250-ENHANCEDSTATUSCODES
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-PIPELINING
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-8BITMIME
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-SIZE
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-DSN
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-ETRN
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-STARTTLS
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250-DELIVERBY
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 250 HELP
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: <-- QUIT
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: --- 221 2.0.0
foo.internal closing connection
Mar 22 12:26:29 foo sm-mta[97772]: i2M0QTr2097772: client.internal
[192.168.1.109] did not issue MAIL/EXPN/VRFY/ETRN during connection to
MTA


Seems to me this is a bug in this build of Outlook 2003, and it's a
major issue. Any ideas/fixes, other than using another mail client or
buying a license for an older version of Outlook? There don't seem to
be any updates listed at the OfficeUpdate site.

Regards

Richard

--

 

[Richard Stevenson (rot13)]

On which port is he trying to connect? Outlook 2003 (and 2002, post SP-1,
for that matter) will initially attempt STARTTLS on port 25 and SSL on any
other port. If that fails, it will fallback to the alternative. Could you
turn on diagnostic logging (see
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300479) and post
the OPMLog.log file (preferably as an attachment) after this fails for the
user?

Ah... found it, with the help of that log. The logfile showed an error
message that the server didn't send (it appears nowhere in the Sendmail
source code, and it's in Engrish... whatever you think of the Sendmail
guys, they can at least speak properly). The guy's laptop had one of
those really annoying virus scanners that intercepted outbound SMTP
traffic without needing to change the client settings (sort of like a
transparent proxy, I guess). I've killed it.

Thanks for your help - it would have taken me *much* longer to find it if
I hadn't had that clue.

Cheers

Richard

 

[Jeff Stephenson [MSFT]]

Glad to have been of assistance. Thanks for your input as well - it pointed
out to me that we really needed to change our SSL/TLS defaults for
particular port numbers...