Exchange smtp using port 465

    Question

    I am running Exchange Server 2003. I have a front-end server that sits in my DMZ and a back-end server on my internal network. All incoming and outgoing mail is routed through my front-end server.

    On the front-end server I have two virtual SMTP servers configured. One is the default, which all outgoing and incoming mail is routed through using port 25.

    The second SMTP server I have configured for secure access for users who are off site and want to connect to their accounts securely. I have SMTPS (port 465) configured on this SMTP server. I configure my Outlook Express client to use SSL over port 465 connecting to this server, but I then get an error message saying:

    "Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account "KCG", Server "Servername", Protocold: SMTP, Port 465, Secure(SSL): Yes, Error Number: 0x800CCC0F"

    This happens when trying to send mail over port 465. I can send over port 25 with no problems.

    I can telnet and connect to this server over port 465, but when I try to send mail from the command line I get the following error:

    530 5.7.0 Must issue a STARTTLS command first

    Has anyone seen this issue? Any help would be great!!

    Thanks,
    Bill
    Wednesday, August 13, 2008 4:21 PM

Answers

  • Hi Bill,

     

    Some complements:

     

    After further investigation, I found the following information:

     

    1. From the Exchange Server perspective, Exchange will secure communication over any port, but will not use SSL. It uses TLS. The key thing to remember is the difference in how the encryption works. With SSL, the secure connection is negotiated first, then the rest of the conversation starts. The initial connection is in clear text and we start the secure connection with the STARTTLS command.

    2. From a client perspective, Outlook 2003 and later should be able to negotiate a TLS connection on any port the server is set up to use. The problem is going to be with Outlook Express, and potentially other mail clients. While Outlook Express can do SSL over another port, it can only do TLS over port 25.

    Thus, please let me know whether you are able to configure Outlook 2003 Service Pack 2/Outlook 2007 to connect to SMTP port 465 to send email through a TLS connection.

     

    For your reference:

    http://support.microsoft.com/?id=307772

     

    Mike

     

    Monday, August 18, 2008 1:42 AM
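
The distinction drawn in the answer above (SSL negotiated before any SMTP traffic versus a cleartext session upgraded with STARTTLS) can be checked from what a listener sends before any TLS handshake. This is an added example, not code from the thread or from Microsoft; the function names, the `probe.example` hostname and the result labels are assumptions, and only the 530 reply text comes from the question.

```python
import socket

def parse_reply(raw: bytes):
    """Split a raw SMTP reply into (code, [text of each reply line])."""
    lines = raw.decode("ascii", "replace").splitlines()
    if not lines or not lines[-1][:3].isdigit():
        return None, []
    return int(lines[-1][:3]), [line[4:] for line in lines]

def classify(greeting: bytes, ehlo: bytes = b"", mail: bytes = b"") -> str:
    """Classify a listener from what it sent before any TLS handshake."""
    code, _ = parse_reply(greeting)
    if code != 220:
        # No cleartext banner: the listener is most likely waiting for a
        # TLS ClientHello, i.e. implicit TLS (classic SMTPS on 465).
        return "implicit-tls"
    _, exts = parse_reply(ehlo)
    offers = any(e.upper().split()[:1] == ["STARTTLS"] for e in exts)
    mail_code, mail_text = parse_reply(mail)
    if mail_code == 530 and any("STARTTLS" in t.upper() for t in mail_text):
        # Cleartext MAIL refused, as in "530 5.7.0 Must issue a STARTTLS ..."
        return "starttls-required"
    return "starttls-optional" if offers else "plaintext-only"

def read_reply(f) -> bytes:
    """Read one reply; continuation lines have '-' after the code."""
    raw = b""
    while True:
        line = f.readline()
        raw += line
        if not line or line[3:4] != b"-":
            return raw

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Collect the cleartext replies from a live listener and classify it."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        try:
            greeting = read_reply(f)
        except socket.timeout:
            greeting = b""          # server stayed silent
        if not greeting.startswith(b"220"):
            return classify(greeting)
        s.sendall(b"EHLO probe.example\r\n")   # hostname is a placeholder
        ehlo = read_reply(f)
        s.sendall(b"MAIL FROM:<>\r\n")
        mail = read_reply(f)
        s.sendall(b"QUIT\r\n")
        return classify(greeting, ehlo, mail)
```

A listener on port 465 that classifies as `starttls-required` matches the symptom in the question: a client that opens with an SSL handshake on that port never sends the cleartext STARTTLS command the server is waiting for.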

All replies

  • Hi Bill,

     

    1. If you configure a client (Outlook Express) to connect to the FE server directly, or configure OE on the FE server, does the issue still occur? If the issue does not occur, please check your firewall setting.

    2. If you uncheck the TLS setting on both client and server, is the client able to connect to port 465 and send email?

    3. If you configure an Outlook 2003/2007 POP3 account to connect to the FE server (by using TLS) externally, does the issue still persist?

    In addition, please check the SMTP log for related information on the FE server.

    For your reference:

    http://support.microsoft.com/kb/829721

     

    Mike

     

    Friday, August 15, 2008 5:48 AM