E-Mail Sending Has Stopped Working On Hardware Devices
-
We have three Toshiba Copiers and a Dell VTRX system that use Port 25 to send SCAN TO EMAIL and alerts respectively and last week, it just stopped working. We use Exchange Online with our Office 365 account and it is 100% cloud based.
On the Toshiba copiers, these are the settings that have been untouched for 4 years and nothing changed here:
Nothing has changed here or on our network. And for kicks, I did try Port 587 with authentication on the Toshiba's and it won't work. Our copier vendor said the Port 25 option is best practice. It will say sending email and then nothing. In the logs, it just shows "Failed to connect to SMTP server."
On the Dell VTRX, it only has a single, bare bones option with no way to change to Port 587...
Here are the troubleshooting steps and notes so far:
-
No Port 25 blocking by ISP
-
Hardware Firewall and the Windows Firewall on the Domain Controller and DHCP/DNS server do not show any kind if Port 25 anomaly.
-
I worked thoroughly with our copier partner, Dell and Microsoft and all have thrown this back on me as an environmental issue.
-
I've rebooted the servers and switches (we have unmanaged switches).
-
Just for note, Veeam, Backup Assist and Spiceworks all use Port 587 and have no issues.
-
I used a telnet connection to our Exchange Server on port 25 and tried some basic tests and they call come back fine...
ehlo ourdomain.com 250-DM5PR0401CA0040.outlook.office365.com Hello [2600:100b:b108:4964:e819:1ce4:a3df:40ff] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8 helo ourdomain.com 250 DM5PR0401CA0040.outlook.office365.com Hello [2600:100b:b108:4964:e819:1ce4:a3df:40ff]We have workarounds in place to scan to network folder but our office VP wants his fixed.
Any suggestions?
-
-
In most cases like this, we run a Postfix server on Fedora that accepts unauthenticated port 25 from the devices and then sends out authenticated through O365 or whatever. Often that's the only way.
-
@garak0410 said in Port 25 E-Mail Sending Has Stopped Working:
We use Exchange Online with our Office 365 account and it is 100% cloud based.
On the Toshiba copiers, these are the settings that have been untouched for 4 years and nothing changed here:
TLS 1.2 is now required for authenticated sending. Does your unit support that? If not, that is why that failed.
But for basic SMTP, everything should still be accepted. Did you ever make a receive connector in O365 so it knows this is your email? Or was it just luck that this was coming in?
-
@JaredBusch said in Port 25 E-Mail Sending Has Stopped Working:
@garak0410 said in Port 25 E-Mail Sending Has Stopped Working:
We use Exchange Online with our Office 365 account and it is 100% cloud based.
On the Toshiba copiers, these are the settings that have been untouched for 4 years and nothing changed here:
TLS 1.2 is now required for authenticated sending. Does your unit support that? If not, that is why that failed.
But for basic SMTP, everything should still be accepted. Did you ever make a receive connector in O365 so it knows this is your email? Or was it just luck that this was coming in?
No, no prior connector made, so guessing it was just luck. I did get the alert that on June 2020, TLS 1.0, and 1.1 were being retired for 1.2+ but it should still be working now, correct? And oddly, it was about the time of that "Office 365 Alert" that this stopped working.
-
There is no mention that unencrypted port 25 was going to change, so currently TLS 1.0 should still work until June 2020
-
@Dashrender said in Port 25 E-Mail Sending Has Stopped Working:
There is no mention that unencrypted port 25 was going to change, so currently TLS 1.0 should still work until June 2020
The two parts of your statement have nothing to do with each other.
Unencrypted SMTP does not use TLS 1.0 or any other version of SSL or TLS. Because it is unencrypted..... -
@garak0410 said in Port 25 E-Mail Sending Has Stopped Working:
No, no prior connector made, so guessing it was just luck. I did get the alert that on June 2020, TLS 1.0, and 1.1 were being retired for 1.2+ but it should still be working now, correct? And oddly, it was about the time of that "Office 365 Alert" that this stopped working.
Yes, if you have no connector setup, then it was pure luck that this was ever working.
Basically as far as O365 was concerned, your copier was an entire email server somewhere sending email in to your domain like any other public email server.
Do you have your office IP address in your SPF TXT record for your domain?
-
@JaredBusch said in Port 25 E-Mail Sending Has Stopped Working:
@garak0410 said in Port 25 E-Mail Sending Has Stopped Working:
No, no prior connector made, so guessing it was just luck. I did get the alert that on June 2020, TLS 1.0, and 1.1 were being retired for 1.2+ but it should still be working now, correct? And oddly, it was about the time of that "Office 365 Alert" that this stopped working.
Yes, if you have no connector setup, then it was pure luck that this was ever working.
Basically as far as O365 was concerned, your copier was an entire email server somewhere sending email in to your domain like any other public email server.
Do you have your office IP address in your SPF TXT record for your domain?
I wonder why the Dell VTRX also stopped sending alerts...has to be related.
Yes...I have two TXT records...one for a 192 address and the other for that SFP domain name. Nothing has changed there...
-
@JaredBusch said in Port 25 E-Mail Sending Has Stopped Working:
@Dashrender said in Port 25 E-Mail Sending Has Stopped Working:
There is no mention that unencrypted port 25 was going to change, so currently TLS 1.0 should still work until June 2020
The two parts of your statement have nothing to do with each other.
Unencrypted SMTP does not use TLS 1.0 or any other version of SSL or TLS. Because it is unencrypted.....I was on my phone and interrupted.. yeah yeah.
-
@garak0410 said in Port 25 E-Mail Sending Has Stopped Working:
@JaredBusch said in Port 25 E-Mail Sending Has Stopped Working:
@garak0410 said in Port 25 E-Mail Sending Has Stopped Working:
No, no prior connector made, so guessing it was just luck. I did get the alert that on June 2020, TLS 1.0, and 1.1 were being retired for 1.2+ but it should still be working now, correct? And oddly, it was about the time of that "Office 365 Alert" that this stopped working.
Yes, if you have no connector setup, then it was pure luck that this was ever working.
Basically as far as O365 was concerned, your copier was an entire email server somewhere sending email in to your domain like any other public email server.
Do you have your office IP address in your SPF TXT record for your domain?
I wonder why the Dell VTRX also stopped sending alerts...has to be related.
Yes...I have two TXT records...one for a 192 address and the other for that SFP domain name. Nothing has changed there...
I didn't know you could have two SPF records - and things work as expected.
-
@Dashrender said in Port 25 E-Mail Sending Has Stopped Working:
There is no mention that unencrypted port 25 was going to change, so currently TLS 1.0 should still work until June 2020
What I meant to say was -
Are your devices attempting to use opportunistic TLS? or are they going purely unencrypted?
If purely unencrypted - then I wouldn't expect that MS's killing of TLS 1.0 and 1.1 would ever make any difference.
But if it is using opportunistic TLS, then it should still work today even if your equipment is stuck on TLS 1.0 or 1.1
-
@Dashrender said in Port 25 E-Mail Sending Has Stopped Working:
@Dashrender said in Port 25 E-Mail Sending Has Stopped Working:
There is no mention that unencrypted port 25 was going to change, so currently TLS 1.0 should still work until June 2020
What I meant to say was -
Are your devices attempting to use opportunistic TLS? or are they going purely unencrypted?
If purely unencrypted - then I wouldn't expect that MS's killing of TLS 1.0 and 1.1 would ever make any difference.
But if it is using opportunistic TLS, then it should still work today even if your equipment is stuck on TLS 1.0 or 1.1
That is a good question. On the Dell VTRX (screen shot above) it is just Plain Jane. Oh the Toshiba, I have options to adjust some SSL / TLS settings but even that won't work.
If there is any correlation between the copiers and Dell VTRX is that they are both non-windows/non-web browser based devices.
I've spent way too much time on this but it will have to be resolved.
I set up SCAN TO EMAIL on some Enterprise HP printers we have and it also fails: General send to email error
It was set to Port 25 and no authentication needed.
I then set it up to 587 and authentication...same generic error: General send to email error
-
I've setup a proxy for decrypting TLS SMTP connections once for troubleshooting when I didn't have the private key for the SMTP server. Can't remember the name of the software I used now...
-
@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:
If there is any correlation between the copiers and Dell VTRX is that they are both non-windows/non-web browser based devices.
Neither. It's that they don't support whatever is desired on the end point. Windows would have the same issues. Whether it is the TLS level, TLS at all, SSL, have an old port, don't have the creds set up, etc. That's the issue.
-
@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:
I set up SCAN TO EMAIL on some Enterprise HP printers we have and it also fails: General send to email error
It's very rare that devices of that ilk can send to office 365. The assumption is that normally a relay will be necessary. but is a cheap and simple thing to do.
-
@scottalanmiller said in E-Mail Sending Has Stopped Working On Hardware Devices:
@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:
I set up SCAN TO EMAIL on some Enterprise HP printers we have and it also fails: General send to email error
It's very rare that devices of that ilk can send to office 365. The assumption is that normally a relay will be necessary. but is a cheap and simple thing to do.
They can talk perfectly when just using straight up SMTP with no auth and you have a connector set up. That is the point of connectors.
-
@JaredBusch said in E-Mail Sending Has Stopped Working On Hardware Devices:
@scottalanmiller said in E-Mail Sending Has Stopped Working On Hardware Devices:
@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:
I set up SCAN TO EMAIL on some Enterprise HP printers we have and it also fails: General send to email error
It's very rare that devices of that ilk can send to office 365. The assumption is that normally a relay will be necessary. but is a cheap and simple thing to do.
They can talk perfectly when just using straight up SMTP with no auth and you have a connector set up. That is the point of connectors.
@garak0410 have you made a connector on O365 as @JaredBusch suggested earlier in the thread? I agree with him that that should fix the issue.
Why it worked before? I haven't a clue - really seems like it should not have because what you were doing was basic relaying.. which MS shouldn't allow.
-
@Dashrender said in E-Mail Sending Has Stopped Working On Hardware Devices:
@JaredBusch said in E-Mail Sending Has Stopped Working On Hardware Devices:
@scottalanmiller said in E-Mail Sending Has Stopped Working On Hardware Devices:
@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:
I set up SCAN TO EMAIL on some Enterprise HP printers we have and it also fails: General send to email error
It's very rare that devices of that ilk can send to office 365. The assumption is that normally a relay will be necessary. but is a cheap and simple thing to do.
They can talk perfectly when just using straight up SMTP with no auth and you have a connector set up. That is the point of connectors.
@garak0410 have you made a connector on O365 as @JaredBusch suggested earlier in the thread? I agree with him that that should fix the issue.
Why it worked before? I haven't a clue - really seems like it should not have because what you were doing was basic relaying.. which MS shouldn't allow.
Sure thing...what needs to go in this connector? By Domain Name or by IP? And if by IP, will that be our internet gateway IP rather then our local 10. addresses? Finally, how long does it take to propagate?
-
@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:
@Dashrender said in E-Mail Sending Has Stopped Working On Hardware Devices:
@JaredBusch said in E-Mail Sending Has Stopped Working On Hardware Devices:
@scottalanmiller said in E-Mail Sending Has Stopped Working On Hardware Devices:
@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:
I set up SCAN TO EMAIL on some Enterprise HP printers we have and it also fails: General send to email error
It's very rare that devices of that ilk can send to office 365. The assumption is that normally a relay will be necessary. but is a cheap and simple thing to do.
They can talk perfectly when just using straight up SMTP with no auth and you have a connector set up. That is the point of connectors.
@garak0410 have you made a connector on O365 as @JaredBusch suggested earlier in the thread? I agree with him that that should fix the issue.
Why it worked before? I haven't a clue - really seems like it should not have because what you were doing was basic relaying.. which MS shouldn't allow.
Sure thing...what needs to go in this connector? By Domain Name or by IP? And if by IP, will that be our internet gateway IP rather then our local 10. addresses? Finally, how long does it take to propagate?
I've never set one up, but in just thinking about - it seems that you would put the external IP address of your gateway. MS has no way of seeing your 10. address on a SMTP connection.
Propagation should be instant. When your machine attempts to connect, it should look to see if you have any connectors setup, if yes - check against them. Done.
-
@Dashrender said in E-Mail Sending Has Stopped Working On Hardware Devices:
@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:
@Dashrender said in E-Mail Sending Has Stopped Working On Hardware Devices:
@JaredBusch said in E-Mail Sending Has Stopped Working On Hardware Devices:
@scottalanmiller said in E-Mail Sending Has Stopped Working On Hardware Devices:
@garak0410 said in E-Mail Sending Has Stopped Working On Hardware Devices:
I set up SCAN TO EMAIL on some Enterprise HP printers we have and it also fails: General send to email error
It's very rare that devices of that ilk can send to office 365. The assumption is that normally a relay will be necessary. but is a cheap and simple thing to do.
They can talk perfectly when just using straight up SMTP with no auth and you have a connector set up. That is the point of connectors.
@garak0410 have you made a connector on O365 as @JaredBusch suggested earlier in the thread? I agree with him that that should fix the issue.
Why it worked before? I haven't a clue - really seems like it should not have because what you were doing was basic relaying.. which MS shouldn't allow.
Sure thing...what needs to go in this connector? By Domain Name or by IP? And if by IP, will that be our internet gateway IP rather then our local 10. addresses? Finally, how long does it take to propagate?
I've never set one up, but in just thinking about - it seems that you would put the external IP address of your gateway. MS has no way of seeing your 10. address on a SMTP connection.
Propagation should be instant. When your machine attempts to connect, it should look to see if you have any connectors setup, if yes - check against them. Done.
I used my External Gateway...email still failing to send...(General send to email error) may have to try the other suggestions in this thread...
