Office 365 SMTP server not advertising StartTLS
-
The logs from two separate email libraries show smtp.office365.com not offering StartTLS
log #1
01/16/19 13:16:09 Opening Socket.
Performing DNS lookup: smtp.office365.com
Connecting to: 40.101.128.18
220 YTXPR0101CA0068.outlook.office365.com ESMTP Service ready
EHLO domain.com
250-Requested mail action okay, completed
250-SIZE 20000000
250-8BITMIME
250 OK
STARTTLS
503 Bad sequence of commands
503 Bad sequence of commands
QUIT
221 Service closing transmission channel
log #2
Connected to smtp://smtp.office365.com:587/?starttls=always
S: 220 YTXPR0101CA0071.outlook.office365.com ESMTP Service ready
C: EHLO [10.25.124.141]
S: 250-Requested mail action okay, completed
S: 250-SIZE 20000000
S: 250-8BITMIME
S: 250 OK
However, following the same commands via telnet shows StartTLS offered
220 BYAPR03CA0002.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 16 Jan 2019 23:11:15 +0000
EHLO domain.com
250-BYAPR03CA0002.outlook.office365.com Hello [x.x.x.x]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
This is on Windows. I haven't tried what happens on a different computer, but I'm wondering what could possibly be the difference happening here that's causing the server to respond differently?
-
Whatever app you are using is doing something different? Because it has always worked for me when using telnet.
-
@JaredBusch said in Office 365 SMTP server not advertising StartTLS:
Whatever app you are using is doing something different? Because it has always worked for me when using telnet.
I'm not sure this is helpful... His Telnet IS showing it, the logs from his mail server are not.
-
Tested using same application but on different computer and network, works without any issue.
Need to verify whether or not it's only happening on one of the computers on their network.
-
Could it be TLS 1.2 is not set as the default on the client system? If it is Windows 7, you need to adjust some registry entries.
-
@wrx7m said in Office 365 SMTP server not advertising StartTLS:
Could it be TLS 1.2 is not set as the default on the client system? If it is Windows 7, you need to adjust some registry entries.
The one email library will only use a maximum of TLS 1.0. And it is before the TLS handshake, so I wouldn't think that TLS version would be a consideration yet.
-
@flaxking said in Office 365 SMTP server not advertising StartTLS:
@wrx7m said in Office 365 SMTP server not advertising StartTLS:
Could it be TLS 1.2 is not set as the default on the client system? If it is Windows 7, you need to adjust some registry entries.
The one email library will only use a maximum of TLS 1.0. And it is before the TLS handshake, so I wouldn't think that TLS version would be a consideration yet.
OK, because they started forcing TLS 1.2 back in October.
-
@wrx7m said in Office 365 SMTP server not advertising StartTLS:
@flaxking said in Office 365 SMTP server not advertising StartTLS:
@wrx7m said in Office 365 SMTP server not advertising StartTLS:
Could it be TLS 1.2 is not set as the default on the client system? If it is Windows 7, you need to adjust some registry entries.
The one email library will only use a maximum of TLS 1.0. And it is before the TLS handshake, so I wouldn't think that TLS version would be a consideration yet.
OK, because they started forcing TLS 1.2 back in October.
Nope, they've updated that notice
-
@flaxking Guess we are thinking of different notices... https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365
-
@wrx7m "Note This doesn't mean Office 365 will block TLS 1.0 and 1.1 connections. There is no official date for disabling or removing TLS 1.0 and 1.1 in the TLS service for customer connections."
-
@flaxking Gotcha. But, it has caused issues depending on how you are connecting and what you are connecting with. I had issues connecting with Windows 7 and Outlook and was told by support to apply a registry fix and make sure a certain update was applied.
-
Isn't the list of SMTP commands given before there is any attempt to bring up a TLS tunnel? Assuming my understanding of that is correct - then it shouldn't matter what version of TLS is supported - the advertising of STARTTLS should still be in the list - and the libraries aren't seeing them - right?
-
From what I heard from our tech, it sounds like the company's UTM was messing with it.
-
@flaxking said in Office 365 SMTP server not advertising StartTLS:
From what I heard from our tech, it sounds like the company's UTM was messing with it.
That's quite possible. UTMs can introduce a lot of problems.
-
@scottalanmiller said in Office 365 SMTP server not advertising StartTLS:
@flaxking said in Office 365 SMTP server not advertising StartTLS:
From what I heard from our tech, it sounds like the company's UTM was messing with it.
That's quite possible. UTMs can introduce a lot of problems.
LOL I was going to say the same thing...
-
@flaxking said in Office 365 SMTP server not advertising StartTLS:
From what I heard from our tech, it sounds like the company's UTM was messing with it.
Which UTM? Hopefully not SonicWall in this case.
-
@dbeato said in Office 365 SMTP server not advertising StartTLS:
@flaxking said in Office 365 SMTP server not advertising StartTLS:
From what I heard from our tech, it sounds like the company's UTM was messing with it.
Which UTM? Hopefully not SonicWall in this case.
Hopefully it IS SonicWall, so that all these stupid issues can be isolated to one bad vendor rather than sprawling across the industry.
-
@scottalanmiller said in Office 365 SMTP server not advertising StartTLS:
@dbeato said in Office 365 SMTP server not advertising StartTLS:
@flaxking said in Office 365 SMTP server not advertising StartTLS:
From what I heard from our tech, it sounds like the company's UTM was messing with it.
Which UTM? Hopefully not SonicWall in this case.
Hopefully it IS SonicWall, so that all these stupid issues can be isolated to one bad vendor rather than sprawling across the industry.
They are not the only one as I can mention many....
-
No idea, we don't manage the client's infrastructure
-
@flaxking said in Office 365 SMTP server not advertising StartTLS:
No idea, we don't manage the client's infrastructure
Then it was definitely the UTM, no question.
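-
The comparison the thread makes by eye, as an added example that is not part of any post above: a Python sketch that parses the EHLO replies from log #2 and the telnet session and reports which extensions the library's view lacks. The function names are assumptions of this example; STARTTLS missing on one path while another path shows it is the pattern to look for when an in-path device such as the UTM mentioned above is suspected.

```python
import re

# EHLO replies copied from the thread: log #2 (library) and the telnet session.
LIBRARY_VIEW = """\
S: 250-Requested mail action okay, completed
S: 250-SIZE 20000000
S: 250-8BITMIME
S: 250 OK
"""
TELNET_VIEW = """\
250-BYAPR03CA0002.outlook.office365.com Hello [x.x.x.x]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
"""

REPLY = re.compile(r"^(?:S:\s*)?250([- ])(.*)$")  # optional "S:" log prefix

def parse_ehlo(transcript):
    """Return (greeting, {KEYWORD: params}) for one multi-line 250 reply."""
    greeting, extensions = None, {}
    for raw in transcript.splitlines():
        m = REPLY.match(raw.strip())
        if not m:
            continue
        text = m.group(2).strip()
        if greeting is None:
            greeting = text              # first 250 line is the greeting
        else:
            keyword, _, params = text.partition(" ")
            extensions[keyword.upper()] = params
        if m.group(1) == " ":            # "250 " (space) ends the reply
            break
    return greeting, extensions

def compare_views(suspect, baseline):
    """Diff the extensions seen on a suspect path against a known-good one."""
    s_ext, b_ext = parse_ehlo(suspect)[1], parse_ehlo(baseline)[1]
    return {
        "missing_in_suspect": sorted(set(b_ext) - set(s_ext)),
        "changed_params": {k: (s_ext[k], b_ext[k])
                           for k in s_ext.keys() & b_ext.keys() if s_ext[k] != b_ext[k]},
        "starttls_stripped": "STARTTLS" in b_ext and "STARTTLS" not in s_ext,
    }
```

A client that requires STARTTLS should treat `starttls_stripped` as a hard failure rather than fall back to sending credentials in plaintext.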