Re: [Exim] "SMTP protocol violation: synchronization" error …

Author: James P. Roberts
Date:
To: hauser, exim-users
Subject: Re: [Exim] "SMTP protocol violation: synchronization" error when using TLS with Outlook on a port other than 25?
> We are trying to receive mail from various MUAs with exim protected by TLS.
>
> Works fine with Mozilla Messenger, K-Mail etc.
> When doing the same with Outlook, we got
> <<...
> SMTP protocol violation: synchronization error (next input sent too soon):
> rejected "<80>j^A^C^A" H=[10.2.1.1]
> 5217 SMTP>> 554 SMTP synchronization error
> ...>> and it dies.
> In Outlook, one sees for example:
> <<The TCP/IP connection was unexpectedly terminated by the server.>>
>
> Using tcpflow to compare what is going "over the wire", we noticed that
> Outlook isn't sending
> <<EHLO my.computer.com
> STARTTLS
> idhflkjasdhfasdhfoosahdflksdhf
> ...>> like the other MUAs do, but appears to directly send SSL'ed
> information.
>
> ssh tunneling via localhost's port 25 to the true server's port (other than
> 25) is a work-around for testing provided one has ssh access to the mail
> host.
> So, outlook seems to behave differently depending on whether it is going for
> port 25 or other ports.
>
> Therefore my question: has anybody been successful at running a production
> exim with SMTP-TLS on a port other than 25 with Outlook users?
>


Support Outlook users with encryption (smtps) on other than port 25, yes.
Getting Outlook to use TLS on other than port 25, no.

Your observation is correct about M$ Outlook, which apparently uses SMTPS to
all ports other than 25, but TLS to port 25, when the "use SSL/TLS" box is
checked.

See the current thread "TLS and Auth" which suggests using a second Exim bound
to port 465 (smtps port):

exim -bd -oX 465 -tls-on-connect

Another alternative is to use Stunnel on port 465, forwarding to localhost:25.
(If you do this, you must not allow unauthenticated relaying from localhost,
or you end up with an open relay on port 465.)

The second Exim solution is preferred. There have been discussions on the
list before.

Jim Roberts
Punster Productions, Inc.
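
Added example (not part of the original message, and not Exim code): a small log triage helper that decodes the rejected bytes from the quoted error and recognises them as a TLS hello sent on connect rather than SMTP text. It assumes the log escapes bytes exactly as printed in this thread; the function names and the joined sample line are constructed for illustration.

```python
import re

# Constructed sample: the two quoted log lines from the post, joined into one.
SAMPLE = ('SMTP protocol violation: synchronization error (next input sent '
          'too soon): rejected "<80>j^A^C^A" H=[10.2.1.1]')

# Assumption: bytes are escaped as printed on this page, <80> = hex byte,
# ^A = caret-notation control character. Other viewers may render differently.
_TOKEN = re.compile(r"<([0-9A-Fa-f]{2})>|\^([@-_?])|(.)", re.S)
_REJECTED = re.compile(r'synchronization error.*?rejected "(.*?)" H=', re.S)
_SMTP_VERBS = (b"EHLO", b"HELO", b"MAIL", b"RCPT", b"STARTTLS", b"QUIT",
               b"NOOP", b"RSET")

def decode_escaped(text):
    """Turn the escaped log rendering back into raw bytes."""
    out = bytearray()
    for hexbyte, caret, plain in _TOKEN.findall(text):
        if hexbyte:
            out.append(int(hexbyte, 16))
        elif caret:
            out.append(0x7F if caret == "?" else ord(caret) ^ 0x40)
        else:
            out.extend(plain.encode("latin-1", "replace"))
    return bytes(out)

def classify_first_bytes(data):
    """Classify the first bytes a client sent on a new connection."""
    # TLS record layer: content type 0x16 (handshake), major version 3.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake-record"
    # SSLv2-format hello: 2-byte header with high bit set, msg type 1
    # (CLIENT-HELLO), then the offered version (major 3 = SSLv3/TLS).
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return "sslv2-format-clienthello"
    if data[:8].upper().startswith(_SMTP_VERBS):
        return "smtp-plaintext"
    return "unknown"

def diagnose(log_text):
    """Return (classification, hint) for a synchronization-error log entry."""
    m = _REJECTED.search(log_text)
    if m is None:
        return None
    kind = classify_first_bytes(decode_escaped(m.group(1)))
    if kind in ("tls-handshake-record", "sslv2-format-clienthello"):
        return kind, "client expects TLS on connect (smtps); listener expected STARTTLS"
    if kind == "smtp-plaintext":
        return kind, "client sent SMTP commands too early; not a TLS mismatch"
    return kind, "unrecognised input; inspect the capture"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For the bytes in the quoted log, the result points at the tls-on-connect listener suggested in the reply rather than at a STARTTLS problem.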