Outlook 2003 ignores [E]SMTP welcome banner and refused to send mail. (Receiving works fine through

[Chris Miller]

Hi Folks,

I'm running Outlook 2003 (SP3). Outlook is not recognizing the SMTP
greeting from the mail server and as a result terminates the connection
without doing anything. I have tried all combinations of:
PORT: 25, 587
AUTHENTICATION: Required, Optional (Plain Text, NTLM, GSSAPI)
ENCRYPTION: Required, Optional (TLS - Self-signed Certificates)

None work. I would expect I should be able to at LEAST get port 25, no
authentication, no encryption to work, but no dice.

I have reviewed the interaction between Outlook 2003 and the mail server
with a packet sniffer and it is clear that the server issues a 220 greeting
message and Outlook 2003 summarily "RST"s the connection. Now, that's just
anti-social.

I know this appears to be a reasonably wide-spread problem because I can
find many questions about how to solve it, but I find no solutions. I
suspect that it is simply a matter of Outlook 2003 expecting to see
something in the banner that he doesn't see and I need to know what that is.
Can anybody shed some light on this?

Thanks for the help,

Chris.

 

[Brian Tillman [MVP - Outlook]]

I'm running Outlook 2003 (SP3). Outlook is not recognizing the SMTP
greeting from the mail server and as a result terminates the connection
without doing anything. I have tried all combinations of:
PORT: 25, 587
AUTHENTICATION: Required, Optional (Plain Text, NTLM, GSSAPI)
ENCRYPTION: Required, Optional (TLS - Self-signed Certificates)

None work. I would expect I should be able to at LEAST get port 25, no
authentication, no encryption to work, but no dice.

I have reviewed the interaction between Outlook 2003 and the mail server
with a packet sniffer and it is clear that the server issues a 220 greeting
message and Outlook 2003 summarily "RST"s the connection. Now, that's just
anti-social.

Disab;e your firewall and try again.

I know this appears to be a reasonably wide-spread problem because I can
find many questions about how to solve it, but I find no solutions. I
suspect that it is simply a matter of Outlook 2003 expecting to see
something in the banner that he doesn't see and I need to know what that is.
Can anybody shed some light on this?

I think your conclusion that it's a wide-spread problem is erroneous. Far
more people do not have the problem than do.

 

[Chris Miller]

I'm running Outlook 2003 (SP3). Outlook is not recognizing the SMTP

Disab;e your firewall and try again.

My first reaction was that this is clearly not the problem because the same
client machine worked on other servers. But then I considered that the
other servers may not be requiring an encrypted channel or authentication,
so I thought I should give it a try, and I have learned that the firewall on
the client machine is clearly PART of the problem. I shut it down completly
and things started working better.

For example one improvement is that I can see in the log that Outlook 2003
first tries to establish an encrypted chanel but is unable to do so
(SSL_error=5), so he falls back to an unencrypted channel. Then he trys to
authenticate against "250 - AUTH ANONYMOUS DIGEST-MD5 NTLM PLAIN CRAM-MD5
KERBEROS_V4 LOGIN GSSAPO" and in unable to do so ut just patiently waits.

So, now I have three much smaller problems -- 1) establishing the encrypted
channel 2) Authenticating and 3) puncturing the firewall in precisely the
correct place to permit this interaction.

1) Encrypted Channel: The server is offering 250 - STARTTLS and Outlook
2003 has a checkbox "This server requires an encrypted connection (SSL)" We
all know that SSLV3 is approximately TLSV1 but "approximately" in the
encryption world in never close enough. Can Outlook 2003 participate in
TLS? If so, what do I need to do to make this work?

2) Authentication: What authentication scheme does Outlook 2003 want to use?
As you can see I have a huge number to offer but let's focus on one and make
it work.

3) Firewall: What ports do I want to open to make Outlook 2003 happy?

Thanks for the help. Your one sentence, "Disab;e your firewall and try
again." has been the most help I've gotten in several days.

Chris.

 

[Chris Miller]

I'm running Outlook 2003 (SP3). Outlook is not recognizing the SMTP

My first reaction was that this is clearly not the problem because the
same client machine worked on other servers. But then I considered that
the other servers may not be requiring an encrypted channel or
authentication, so I thought I should give it a try, and I have learned
that the firewall on the client machine is clearly PART of the problem. I
shut it down completly and things started working better.

For example one improvement is that I can see in the log that Outlook 2003
first tries to establish an encrypted chanel but is unable to do so
(SSL_error=5), so he falls back to an unencrypted channel. Then he trys
to authenticate against "250 - AUTH ANONYMOUS DIGEST-MD5 NTLM PLAIN
CRAM-MD5 KERBEROS_V4 LOGIN GSSAPO" and in unable to do so ut just
patiently waits.

So, now I have three much smaller problems -- 1) establishing the
encrypted channel 2) Authenticating and 3) puncturing the firewall in
precisely the correct place to permit this interaction.

1) Encrypted Channel: The server is offering 250 - STARTTLS and Outlook
2003 has a checkbox "This server requires an encrypted connection (SSL)"
We all know that SSLV3 is approximately TLSV1 but "approximately" in the
encryption world in never close enough. Can Outlook 2003 participate in
TLS? If so, what do I need to do to make this work?

.... still waiting to hear about this.

2) Authentication: What authentication scheme does Outlook 2003 want to
use? As you can see I have a huge number to offer but let's focus on one
and make it work.

Outlook 2003 FIRST tries "NTLM" as the authentication mechanism and then
falls back to "LOGIN"

3) Firewall: What ports do I want to open to make Outlook 2003 happy?

Port TCP:113 A.K.A "AUTH" in /etc/services


Chris.

 

[Chris Miller]

I'm running Outlook 2003 (SP3). Outlook is not recognizing the SMTP.... still waiting to hear about this. It remains the only outstanding
problem. Please note the exercpts from the smtp server log at the end of
this post.

Outlook 2003 FIRST tries "NTLM" as the authentication mechanism and then
falls back to "LOGIN"


Port TCP:113 A.K.A "AUTH" in /etc/services


Chris.

Please notice that Outlook asks to STARTTLS and the server indicates
readiness to do so but indicates a failure to accept what ever encryption
credentials are presented.

sendmail[1700]: nA73ZVwO001700: <-- STARTTLS
sendmail[1700]: nA73ZVwO001700: --- 220 2.0.0 Ready to start TLS
sendmail[1700]: STARTTLS=server, info: fds=9/3, err=5
sendmail[1700]: STARTTLS=server, error: accept failed=0, SSL_error=5,
errno=0, retry=-1
sendmail[1700]: nA73ZVwO001700: 10.1.2.129 did not issue MAIL/EXPN/VRFY/ETRN
during connection to MSA