
I'm trying to set up TLS e-mail on a remote machine, but it doesn't work.

Trying to send e-mail from my local machine (Windows 7 x64, locale ru-ru):

    16:33:18 CONNECT   : Looking up host name mail.domain.com...
    16:33:18 CONNECT   : Host name mail.domain.com found
    16:33:18 CONNECT   : Connecting to host mail.domain.com [123.456.789.123:25]...
    16:33:18 CONNECT   : Connected to host mail.domain.com [123.456.789.123:25]
    16:33:19 SMTP REPLY: 220 mail.domain.com ESMTP Postfix
    16:33:19 SMTP SEND : EHLO hostname
    16:33:19 SMTP REPLY: 250-mail.domain.com
    16:33:19 SMTP REPLY: 250-PIPELINING
    16:33:19 SMTP REPLY: 250-SIZE 73400320
    16:33:19 SMTP REPLY: 250-VRFY
    16:33:19 SMTP REPLY: 250-ETRN
    16:33:19 SMTP REPLY: 250-STARTTLS
    16:33:19 SMTP REPLY: 250-ENHANCEDSTATUSCODES
    16:33:19 SMTP REPLY: 250-8BITMIME
    16:33:19 SMTP REPLY: 250 DSN
    16:33:19 SMTP SEND : STARTTLS
    16:33:19 SMTP REPLY: 220 2.0.0 Ready to start TLS

All is correct.

Then, using the same e-mail account on the remote machine, with absolutely identical settings (Windows XP Home, locale ru-ru, but it's not actually a home workstation):

    16:34:29 CONNECT   : Looking up host name mail.domain.com...
    16:34:29 CONNECT   : Host name mail.domain.com found
    16:34:29 CONNECT   : Connecting to host mail.domain.com [123.456.789.123:25]...
    16:34:30 CONNECT   : Connected to host mail.domain.com [123.456.789.123:25]
    16:34:30 SMTP REPLY: 220 ***************************
    16:34:30 SMTP SEND : EHLO hostname
    16:34:31 SMTP REPLY: 250-mail.domain.com
    16:34:31 SMTP REPLY: 250-PIPELINING
    16:34:31 SMTP REPLY: 250-SIZE 73400320
    16:34:31 SMTP REPLY: 250-VRFY
    16:34:31 SMTP REPLY: 250-ETRN
    16:34:31 SMTP REPLY: 250-XXXXXXXA
    16:34:31 SMTP REPLY: 250-ENHANCEDSTATUSCODES
    16:34:31 SMTP REPLY: 250-8BITMIME
    16:34:31 SMTP REPLY: 250 DSN
    16:34:31 SMTP SEND : QUIT
    16:34:32 SMTP REPLY: 221 2.0.0 Bye
    16:34:32 DISCONNECT: Disconnected from server

As you can see, the server closes the connection. But why? Some kind of encoding/decoding issue on the local machine, or what?

P.S. Telnet gives the same results:

    SMTP REPLY: 220 ***************************

Okloks

1 Answer

    16:33:19 SMTP REPLY: 250-STARTTLS

    16:34:31 SMTP REPLY: 250-XXXXXXXA

It looks to me like something is manipulating the connection, in that it explicitly replaces the STARTTLS feature announced by the server with some junk. This way the client thinks that STARTTLS is not supported and will often downgrade to plain text, and thus the intercepting program/device has access to the transferred mail.

This kind of interception might be done by local virus scanners. But I've also seen SMTP interception done by central firewalls in hotels and companies, so that they can do spam and malware protection.

Steffen Ullrich
    Also, some adaptive firewalls do "helpful" things like this. – MadHatter Mar 24 '15 at 10:15
  • Agreed, 99%, that is a virus. This remote workstation is located in the far north of my country, without antivirus software. Don't ask me, I don't know why. – Okloks Mar 24 '15 at 10:31
  • An antivirus check didn't reveal any viruses. But I found Combofix installed. – Okloks Mar 29 '15 at 13:28
  • SOLVED. Something was blocking port 25 (probably a Cisco router) https://stomp.colorado.edu/blog/blog/2012/12/31/on-smtp-starttls-and-the-cisco-asa/ – Okloks Sep 19 '15 at 21:46
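The two transcripts above are enough to detect this kind of STARTTLS stripping automatically. The following is an added example, not code from the question or the answer: it parses the 220 banner and the multi-line 250 EHLO reply into extension keywords (per RFC 5321, `250-` is a continuation line and `250 ` the final one), and flags the two symptoms visible in the question, a banner masked with `*` and the STARTTLS keyword overwritten with a run of `X`s. The sample replies are constructed from the question's logs; `live_check()` repeats the telnet-style probe against a real server over a raw socket and is the only part that needs network access. The `helo_name` used there and the X-run heuristic are assumptions made for this example.

```python
"""Detect STARTTLS stripping in an SMTP EHLO reply (added example)."""
import socket
from dataclasses import dataclass, field

# Constructed sample replies modelled on the two transcripts in the question.
CLEAN_REPLY = [
    "220 mail.domain.com ESMTP Postfix",
    "250-mail.domain.com",
    "250-PIPELINING",
    "250-SIZE 73400320",
    "250-VRFY",
    "250-ETRN",
    "250-STARTTLS",
    "250-ENHANCEDSTATUSCODES",
    "250-8BITMIME",
    "250 DSN",
]

MANGLED_REPLY = [
    "220 ***************************",
    "250-mail.domain.com",
    "250-PIPELINING",
    "250-SIZE 73400320",
    "250-VRFY",
    "250-ETRN",
    "250-XXXXXXXA",
    "250-ENHANCEDSTATUSCODES",
    "250-8BITMIME",
    "250 DSN",
]


@dataclass
class EhloReport:
    banner: str
    extensions: dict = field(default_factory=dict)   # KEYWORD -> parameters
    findings: list = field(default_factory=list)     # human-readable symptoms

    @property
    def starttls_ok(self):
        return "STARTTLS" in self.extensions and not self.findings


def parse_ehlo(lines):
    """Split a 220 banner plus multi-line 250 reply into (banner, extensions).

    RFC 5321: '250-' marks a continuation line and '250 ' the final line;
    the first 250 line carries the server's domain, not an extension.
    """
    banner, ehlo_lines = "", []
    for line in lines:
        code, sep, text = line[:3], line[3:4], line[4:]
        if code == "220":
            banner = text
        elif code == "250" and sep in ("-", " "):
            ehlo_lines.append(text)
            if sep == " ":
                break
        else:
            raise ValueError("unexpected reply line: %r" % line)
    extensions = {}
    for text in ehlo_lines[1:]:          # skip the domain line
        keyword, _, params = text.partition(" ")
        extensions[keyword.upper()] = params
    return banner, extensions


def inspect_ehlo(lines):
    """Run the two stripping checks derived from the question's transcripts."""
    banner, extensions = parse_ehlo(lines)
    report = EhloReport(banner=banner, extensions=extensions)
    # Symptom 1: the 220 banner consists only of '*' characters.
    if banner and set(banner) <= set("* "):
        report.findings.append("220 banner masked with '*'")
    # Symptom 2: STARTTLS is gone and an 8-character keyword made almost
    # entirely of 'X' sits where it would be (assumed heuristic).
    if "STARTTLS" not in extensions:
        for kw in extensions:
            if len(kw) == len("STARTTLS") and kw.count("X") >= len(kw) - 1:
                report.findings.append("STARTTLS keyword overwritten as %s" % kw)
                break
        else:
            report.findings.append("STARTTLS not advertised")
    return report


def _read_reply(rfile):
    """Read one SMTP reply; continuation lines have '-' in column 4."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if line[3:4] != "-":
            return lines


def live_check(host, port=25, timeout=10, helo_name="probe.example"):
    """Repeat the question's telnet probe against a real server (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")
        lines = _read_reply(rfile)                       # 220 banner
        sock.sendall(("EHLO %s\r\n" % helo_name).encode("ascii"))
        lines += _read_reply(rfile)                      # multi-line 250
        sock.sendall(b"QUIT\r\n")
    return inspect_ehlo(lines)


if __name__ == "__main__":
    for name, reply in (("local", CLEAN_REPLY), ("remote", MANGLED_REPLY)):
        r = inspect_ehlo(reply)
        print(name, "STARTTLS ok" if r.starttls_ok else r.findings)
```

Running the offline samples reports the local transcript as clean and the remote one with both symptoms. The defensive point behind the check is that a client should fail closed, refusing to submit mail when a server known to offer STARTTLS no longer advertises it, rather than fall back to plaintext as the answer describes; where the client supports it, implicit TLS on port 465 sidesteps ESMTP inspection of the EHLO reply entirely.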