User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030718
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030718
I've set up a server where both POP3 and SMTP run over SSL. Both of these use tcpserver/stunnel to wrap the regular POP3 and SMTP daemons with SSL encryption. POP3/SSL email retrieval works fine. However, when I attempt to send email via SMTP/SSL, Mozilla makes the network connection to the server, but it looks like pretty much nothing at all gets sent over the connection. The debug on stunnel just shows that it's got to the SSL setup stage - for POP3/SSL there's a bunch of debug that usually shows up after this detailing info on the SSL ciphers etc. negotiated. This never appears for SMTP/SSL. Clicking cancel in Mozilla makes stunnel log an unexpected client disconnect message.
Reproducible: Always
Steps to Reproduce:
1. Configure mail to use SSL for outbound SMTP. Use stunnel on your server to provide SSL tunneling (same thing may happen with other SSL servers...) I tried both "when available" and "always" SSL options in Mozilla - same results. The value of "use name and password" doesn't seem to affect the problem.
2. Compose an email, and send it.
Actual Results: Observe that the "sending" dialog pops up and never goes away until I click cancel. Server logs indicated SSL negotiation didn't occur.
Expected Results: SSL gets negotiated, Mozilla authenticates to SMTP server, mail gets sent.
I'm not familiar with stunnel but I think that the clients don't have to know of this tunnel, right? If so, I suspect activating SSL in Mozilla is not a good idea or at least useless. So did you already try "Never"? Please provide us with an SMTP log (see http://www.mozilla.org/quality/mailnews/mail-troubleshoot.html#smtp for instructions) if this doesn't help.
stunnel only runs as the SSL server - Mozilla itself is the SSL client. This setup is working fine for POP3/SSL - it's just SMTP/SSL that doesn't work. Consequently, I don't think the "none" option for SSL will be useful. I'll look into generating that SMTP log...
Hmmm. It looks like SMTP over SSL works rather differently to POP3 over SSL. For POP3, the SSL is automatically applied outside of the POP3 protocol, as soon as the socket is connected, before even the server sign-on is sent etc. For SMTP, SSL isn't negotiated as soon as the connect() completes, but instead, the server sends its sign-on, the client HELO/EHLO's, then the client sends the STARTTLS SMTP command, at which time the SSL negotiation begins. Using stunnel 4, I had to add the option "protocol smtp" to my stunnel.conf so that stunnel would perform the SMTP proxying (e.g. passing server's sign-on to client in clear-text) prior to SSL negotiation. Interestingly, Microsoft Outlook Express worked fine with the server setup the way I had it before. I'll have to check that it still works!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID
I am experiencing this also with Firebird (0.1, 2003-08-13, and 2003-08-20). Only happens when SMTP is set to use SSL. I can send the first email fine, but if I send a second email (to anyone, just second in the same instance of Firebird), Firebird hangs with the send progress dialog showing. I can click "Cancel" to stop it. I am attaching my Firebird SMTP log including the first and second send.
Stephen, you're right, these two protocols work differently, in the way you found out. We have bug 135357 about SMTP over SSL so it works like POP. I guess OE works because SMTP over SSL is their old method to do this instead of the standard STARTTLS. Although I thought they only do this on port 465.
J. Lance, you're using stunnel too? The log's last line is "SMTP Send: EHLO securecms.com", so it's the server's turn to answer. That does not necessarily mean it's not Mozilla's fault. The answer might be sent not SSL-encrypted or other. An Ethereal or other sniffer's log could show this. But I don't know an error causing this and my tests (with an SSL-enabled SMTP server, not stunnel) succeeded. Have you access to another SSL-enabled server for testing?
Hmm. I guess I am not sure what stunnel is versus SMTP over SSL. I'll check it out on a few different servers. The particular server being used in this case is WinNT 4.0 with Exchange Server 5.5 SMTP service. Is stunnel versus SMTP over SSL related to the STARTTLS command or just connecting and assuming to start SSL negotiation?
As I wrote, I'm not familiar with stunnel either. But I read a little bit about it. The difference between STARTTLS (standard SSL mode for SMTP) and SMTP over SSL is explained in comment #3 (if you replace "POP3" with "SMTP over SSL"). SMTP with stunnel seems to work as SMTP over SSL by default but after adding an option it works with STARTTLS too. Normally SMTP servers are using STARTTLS, but some prefer SMTP over SSL - mostly if running on port 465. But I think in your case there's no stunnel on the line. As I wrote, we have to find out where your second-mail-hangs problem is - in Mozilla or on the server side.
*sigh* Just a note for anyone else dealing with this - it looks like Microsoft Outlook Express won't do STARTTLS (at least, not in the configuration I have - port 8026 with authentication turned on). So, I guess I'll have to have one configuration for SSL-wrapped SMTP and another for STARTTLS proxied SMTP, on different ports...
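Added example, not part of the bug report and not Mozilla or stunnel code: a small probe that tells the two modes discussed in the comments above apart, an SSL-wrapped port (silent until the client starts SSL) versus a STARTTLS port (cleartext sign-on first). `fake_listener`, the host names and the banner text are constructed stand-ins so the block runs offline.

```python
import socket
import threading

def read_reply(sock):
    """Read one SMTP reply; its last line has no '-' after the code."""
    data = b""
    while not (data.endswith(b"\r\n") and data.split(b"\r\n")[-2][3:4] != b"-"):
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def probe_smtp_tls_mode(host, port, timeout=2.0):
    """Return 'implicit-tls', 'starttls', 'no-starttls' or 'unknown'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            greeting = read_reply(sock)
        except socket.timeout:
            return "implicit-tls"  # silence: server awaits a TLS ClientHello
        if not greeting.startswith(b"220"):
            return "unknown"
        sock.sendall(b"EHLO probe.example\r\n")  # placeholder client name
        try:
            reply = read_reply(sock)
        except socket.timeout:
            return "unknown"
        offered = {line[4:].strip().upper() for line in reply.split(b"\r\n")}
        return "starttls" if b"STARTTLS" in offered else "no-starttls"

def fake_listener(greeting, ehlo_reply=b""):
    """Constructed stand-in for one stunnel service; returns its local port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if greeting:  # cleartext sign-on first, as with "protocol smtp"
                conn.sendall(greeting)
                conn.recv(1024)  # the client's EHLO
                conn.sendall(ehlo_reply)
            else:  # SSL-wrapped port: say nothing until the client speaks
                conn.recv(1024)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":  # constructed listeners: SSL-wrapped, then STARTTLS
    ehlo = b"250-mail.example\r\n250-STARTTLS\r\n250 AUTH LOGIN\r\n"
    for port in (fake_listener(b""), fake_listener(b"220 mail.example ESMTP\r\n", ehlo)):
        print(port, probe_smtp_tls_mode("127.0.0.1", port, timeout=0.5))
```

The "implicit-tls" verdict is inferred from silence only; `openssl s_client -connect host:port` (wrapped port) or `openssl s_client -starttls smtp -connect host:port` (STARTTLS port) confirms it with a real handshake.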