Mailing List CGatePro@mail.stalker.com Message #102749
From: Scott Jensen <jensen@ilp.mit.edu>
Subject: Re: Problem establishing a secure SMTP connection
Date: Mon, 28 Nov 2011 18:03:45 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.936)
Hi again,
     A bit of new info:  I found the prefs for TLS behavior and turned the logging option up to All Info.  This is now in the log file:

17:52:33.182 2 TLS-181184 session created for SMTPI-090400, v.1, method=AES256_SHA
17:52:33.265 2 TLS-181184 session closed by SMTPI-090400, refCount=1
17:52:33.265 3 SMTPI-090400(msg2.disney.com) failed to accept a secure connection for 'ocr-mail.mit.edu'. Error Code=connection closed by peer

     In just the few minutes that I've had TLS logging turned up, I see several SMTPI connections from other systems using the method AES256_SHA (all successful), so I have to think it's not a problem in CGP's implementation of AES256_SHA...

     Again, any other ideas?...

---SCJ



On Nov 28, 2011, at 5:07 PM, Scott Jensen wrote:

Hi,
     I've got a problem I've never seen before occurring today (apparently it started just before Thanksgiving).  Some users at Disney are trying to send messages to my users, and they're getting a failure bounce back.  We can send messages to them with no problem, but they can't send or reply to us.  The problem seems to revolve around the inability of the two servers to negotiate a TLS connection.  Here's an example bounce a Disney user is getting back (sent to me via gmail - sender & rcvr addresses changed):

Diagnostic information for administrators:

Generating server: msg3.disney.com

ilp-user@ilp.mit.edu
#< #4.4.7 SMTP; 403 4.7.0 TLS handshake failed.> #SMTP#

Original message headers:

Return-Path: <disney-sender@disney.com>
Received: from int2.disney.pvt (int2.disney.pvt [153.7.110.7])
	by msg3.disney.com (Switch-3.4.4/Switch-3.4.3) with ESMTP id pAN1ntKk027634
	for <ilp-user@ilp.mit.edu>; Wed, 23 Nov 2011 01:49:55 GMT
Received: from sm-cala-xht02.swna.wdpr.disney.com (SM-CALA-XHT02.swna.wdpr.disney.com [153.7.248.17])
	by int2.disney.pvt (Switch-3.4.4/Switch-3.4.3) with ESMTP id pAN1nsff014976
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL)
	for <ilp-user@ilp.mit.edu>; Wed, 23 Nov 2011 01:49:54 GMT
Received: from sm-cala-vxmb05b.swna.wdpr.disney.com
 ([fe80::9c8d:2c28:ac0e:7256]) by sm-cala-xht02.swna.wdpr.disney.com
 ([2002:9907:f811::9907:f811]) with mapi; Tue, 22 Nov 2011 17:49:54 -0800
From: "Disney Sender name" <disney-sender@disney.com>
To: "ILP User name" <ilp-user@ilp.mit.edu>,
        "Other Disney Recip name"
	<disney-rcvr-2@disney.com>
Date: Tue, 22 Nov 2011 17:49:53 -0800
Subject: Re: (Disney Studios) - just got your message
Thread-Topic: (Disney Studios) - just got your message
Thread-Index: AcypgjJoRGvU9sSRQqa6l9SsKBm3XQ==
Message-ID: <CAF1903C.B842%jamie.voris@disney.com>
In-Reply-To: <72304638-F1B5-4869-952E-C85B3287A080@ilp.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.13.0.110805
acceptlanguage: en-US
Content-Type: text/plain
MIME-Version: 1.0
X-Source-IP: SM-CALA-XHT02.swna.wdpr.disney.com [153.7.248.17]

Final-recipient: RFC822; ilp-user@ilp.mit.edu
Action: failed
Status: 4.4.7
X-Supplementary-Info: < #4.4.7 SMTP; 403 4.7.0 TLS handshake failed.>



     I turned up the SMTP logging level to All Info and asked them to try sending to me again.  Here's what I got in the log file.

16:31:26.886 4 SMTPI-090136([204.128.192.36]) got connection on [18.198.1.80]:25(ocr-mail.mit.edu) from [204.128.192.36]:36718
16:31:56.979 5 SMTPI-090136([204.128.192.36]) out: 220 ocr-mail-admin.mit.edu ESMTP CommuniGate Pro 5.4.2\r\n
16:31:57.061 5 SMTPI-090136([204.128.192.36]) inp: EHLO msg2.disney.com
16:31:57.096 5 SMTPI-090136(msg2.disney.com) out: 250-ocr-mail-admin.mit.edu is pleased to meet you\r\n250-DSN\r\n250-SIZE 78643200\r\n250-STARTTLS\r\n250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI MSN NTLM\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n
16:31:57.178 5 SMTPI-090136(msg2.disney.com) inp: STARTTLS
16:31:57.179 5 SMTPI-090136(msg2.disney.com) out: 220 please start a TLS connection\r\n
16:31:57.344 3 SMTPI-090136(msg2.disney.com) failed to accept a secure connection for 'ocr-mail.mit.edu'. Error Code=connection reset by peer
16:31:57.544 4 SMTPI-090136(msg2.disney.com) closing connection
16:31:57.544 4 SMTPI-090136(msg2.disney.com) releasing stream


     Any ideas?  Our CGP is v5.4.2 running on an OSX 10.6 box.  My initial reaction is that there must be something wrong with their server, since we have no problem receiving email from anyone else, but I suspect their email admins might say the same thing...

     Thanks for any help!
---SCJ





-- 
Scott C. Jensen
  Asst. Director, Office of Info Services
    MIT Corporate Relations - Industrial Liaison Program
      Room W98-050    600 Memorial Drive   Cambridge, MA   02139
        617/253-0441      FAX: 617/258-0796     Email: jensen@mit.edu
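
The by-eye comparison in the message above (other peers negotiate AES256_SHA successfully while one peer fails) can be run over the whole log. This is an added example, not part of the original post or of CommuniGate Pro: it parses only the line formats quoted in this thread, assumes a session with no failure line completed its handshake, and the mx.example.org session in the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the first four lines are copied from the logs in this
# thread; the mx.example.org session is invented in the same format.
SAMPLE_LOG = """\
16:31:57.178 5 SMTPI-090136(msg2.disney.com) inp: STARTTLS
16:31:57.344 3 SMTPI-090136(msg2.disney.com) failed to accept a secure connection for 'ocr-mail.mit.edu'. Error Code=connection reset by peer
17:52:33.182 2 TLS-181184 session created for SMTPI-090400, v.1, method=AES256_SHA
17:52:33.265 3 SMTPI-090400(msg2.disney.com) failed to accept a secure connection for 'ocr-mail.mit.edu'. Error Code=connection closed by peer
17:53:10.090 5 SMTPI-090411(mx.example.org) inp: STARTTLS
17:53:10.150 2 TLS-181190 session created for SMTPI-090411, v.1, method=AES256_SHA
"""

SESSION = re.compile(r"(SMTPI-\d+)\(([^)]*)\)")
CREATED = re.compile(r"TLS-\d+ session created for (SMTPI-\d+), v\.\d+, method=(\S+)")
FAILED = re.compile(r"failed to accept a secure connection for '[^']*'\. Error Code=(.*)$")

def summarize(log_text):
    """Count TLS attempts and failures per (peer, cipher method)."""
    sessions = defaultdict(lambda: {"peer": None, "method": None, "error": None, "tls": False})
    for line in log_text.splitlines():
        created, smtp = CREATED.search(line), SESSION.search(line)
        if created:  # TLS line: names the SMTPI session but not the peer
            sessions[created.group(1)].update(method=created.group(2), tls=True)
        elif smtp:
            s = sessions[smtp.group(1)]
            s["peer"] = smtp.group(2)  # last name seen wins (EHLO name over IP)
            failed = FAILED.search(line)
            if failed:
                s.update(error=failed.group(1), tls=True)
            elif line.endswith("inp: STARTTLS"):
                s["tls"] = True
    report = defaultdict(lambda: {"attempts": 0, "failed": 0, "errors": set()})
    for s in sessions.values():
        if not s["tls"]:
            continue
        # Assumption: a session with no failure line completed its handshake.
        row = report[(s["peer"], s["method"] or "unknown")]
        row["attempts"] += 1
        if s["error"]:
            row["failed"] += 1
            row["errors"].add(s["error"])
    return dict(report)

def peer_specific_failures(report):
    """Peers failing with a method that some other session negotiated cleanly."""
    ok = {m for (_, m), r in report.items() if r["failed"] < r["attempts"]}
    return sorted({p for (p, m), r in report.items() if r["failed"] and m in ok})
```

A method of "unknown" means the TLS log level was too low to record the negotiated cipher for that session, as in the 16:31 excerpt.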
