Sending email via SSL to stunnel hangs connection until cancel is clicked.

RESOLVED INVALID

Status

MailNews Core
Networking: SMTP
15 years ago
9 years ago

People

(Reporter: Stephen Warren, Assigned: (not reading, please use seth@sspitzer.org instead))

Tracking

Trunk
x86
Windows 2000

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030718
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030718

I've set up a server where both POP3 and SMTP run over SSL. Both of these use
tcpserver/stunnel to wrap the regular POP3 and SMTP daemons with SSL encryption.
POP3/SSL email retrieval works fine. However, when I attempt to send email via
SMTP/SSL, Mozilla makes the network connection to the server, but it looks like
pretty much nothing at all gets sent over the connection. The debug on stunnel
just shows that it's got to the SSL setup stage - for POP3/SSL there's a bunch
of debug that usually shows up after this detailing info on the SSL ciphers etc.
negotiated. This never appears for SMTP/SSL. Clicking cancel in Mozilla makes
stunnel log an unexpected client disconnect message.



Reproducible: Always

Steps to Reproduce:
1. Configure mail to use SSL for outbound SMTP. Use stunnel on your server to
provide SSL tunneling (same thing may happen with other SSL servers...)

I tried both "when available" and "always" SSL options in Mozilla - same results.

The value of "use name and password" doesn't seem to affect the problem.

2. Compose an email, and send it.

Actual Results:  
Observe that the "sending" dialog pops up and never goes away until I click
cancel. Server logs indicated SSL negotiation didn't occur.

Expected Results:  
SSL gets negotiated, Mozilla authenticates to SMTP server, mail gets sent.

Comment 1

15 years ago
I'm not familiar with stunnel but I think that the clients don't have to know of
this tunnel, right?
If so, I suspect activating SSL in Mozilla is not a good idea or at least useless.
So did you already try "Never"?

Please provide us with an SMTP log (see
http://www.mozilla.org/quality/mailnews/mail-troubleshoot.html#smtp for
instructions) if this doesn't help.
(Reporter)

Comment 2

15 years ago
stunnel only runs as the SSL server - Mozilla itself is the SSL client. This
setup is working fine for POP3/SSL - it's just SMTP/SSL that doesn't work.
Consequently, I don't think the "none" option for SSL will be useful.

I'll look into generating that SMTP log...
(Reporter)

Comment 3

15 years ago
Hmmm. It looks like SMTP over SSL works rather differently to POP3 over SSL.

For POP3, the SSL is automatically applied outside of the POP3 protocol, as soon
as the socket is connected, before even the server sign-on is sent etc.

For SMTP, SSL isn't negotiated as soon as the connect() completes, but instead,
the server sends its sign-on, the client HELO/EHLO's, then the client sends the
STARTTLS SMTP command, at which time the SSL negotiation begins.

Using stunnel 4, I had to add the option "protocol smtp" to my stunnel.conf so
that stunnel would perform the SMTP proxying (e.g. passing server's sign-on to
client in clear-text) prior to SSL negotiation.

Interestingly, Microsoft Outlook Express worked fine with the server setup the
way I had it before. I'll have to check that it still works!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID
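
The difference described in comment 3 can be checked from the client side by seeing who speaks first on the port. The following is an added example, not part of the original bug report: `classify_smtp_port` and `start_toy_listener` are hypothetical names, and the toy listener with its `mail.example.test` greeting is a constructed stand-in for the server, not stunnel itself.

```python
import socket
import threading

def classify_smtp_port(host, port, timeout=1.0):
    """Guess how an SMTP listener expects TLS to start.

    'starttls'     - server speaks first with a clear-text 220 greeting
    'implicit-tls' - server stays silent, waiting for a TLS ClientHello
    'unknown'      - connection closed or a non-SMTP reply arrived
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            greeting = sock.recv(512)
        except socket.timeout:
            # Nobody talks: a STARTTLS client sits here waiting for "220"
            # while the SSL wrapper waits for a handshake (the hang above).
            return "implicit-tls"
    return "starttls" if greeting.startswith(b"220") else "unknown"

def start_toy_listener(greeting=None):
    """Constructed stand-in for the server side (assumption, not stunnel).

    With a greeting it acts like a port that sends its sign-on in clear
    text; without one it acts like an SSL wrapper that waits for the
    client to speak first. Returns the ephemeral port it listens on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if greeting:
                conn.sendall(greeting)
            conn.settimeout(5)
            try:
                conn.recv(1)  # wait until the client speaks or gives up
            except OSError:
                pass

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    plain = start_toy_listener(b"220 mail.example.test ESMTP\r\n")
    wrapped = start_toy_listener()
    print(classify_smtp_port("127.0.0.1", plain))
    print(classify_smtp_port("127.0.0.1", wrapped, timeout=0.5))
```

A silent port is only a strong hint of SSL wrapping; a slow or filtered server can look the same, so raise `timeout` before drawing conclusions.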

Comment 4

15 years ago
Created attachment 130186 [details]
MozillaFirebird SMTP log

Comment 5

15 years ago
I am experiencing this also with Firebird (0.1, 2003-08-13, and 2003-08-20).
Only happens when SMTP is set to use SSL. I can send the first email fine, but
if I send a second email (to anyone, just second in the same instance of
Firebird), Firebird hangs with the send progress dialog showing. I can click
"Cancel" to stop it.

I am attaching my Firebird SMTP log including the first and second send. 

Comment 6

15 years ago
Stephen, you're right, these two protocols work differently, in the way you found
out. We have bug 135357 about SMTP over SSL so it works like POP.
I guess OE works because SMTP over SSL is their old method to do this instead of
the standard STARTTLS. Although I thought they only do this on port 465.

Comment 7

15 years ago
J. Lance, you're using stunnel too?

The log's last line is "SMTP Send: EHLO securecms.com", so it's the server's turn
to answer.
That does not necessarily mean it's not Mozilla's fault. The answer might be sent
not SSL encrypted or other. An Ethereal or other sniffer's log could show this.
But I don't know an error causing this and my tests (with an SSL-enabled SMTP
server, not stunnel) succeeded.
Have you access to another SSL-enabled server for testing?

Comment 8

15 years ago
Hmm. I guess I am not sure what stunnel is versus SMTP over SSL. I'll check it
out on a few different servers. The particular server being used in this case is
WinNT 4.0 with Exchange Server 5.5 SMTP service.

Is stunnel versus SMTP over SSL related to the STARTTLS command or just
connecting and assuming to start SSL negotiation?

Comment 9

15 years ago
As I wrote, I'm not familiar with stunnel either. But I read a little bit about it.
The difference between STARTTLS (standard SSL mode for SMTP) and SMTP over SSL
is explained in comment #3 (if you replace "POP3" with "SMTP over SSL").
SMTP with stunnel seems to work as SMTP over SSL by default but after adding an
option it works with STARTTLS too.

Normally SMTP servers are using STARTTLS, but some prefer SMTP over SSL - mostly
if running on port 465.

But I think in your case there's no stunnel on the line.
As I wrote we have to find out where your second-mail-hangs-problem is - in
Mozilla or on the server side.
(Reporter)

Comment 10

15 years ago
*sigh* Just a note for anyone else dealing with this - it looks like Microsoft 
Outlook Express won't do STARTTLS (at least, not in the configuration I have - 
port 8026 with authentication turned on).

So, I guess I'll have to have one configuration for SSL-wrapped SMTP and 
another for STARTTLS proxied SMTP, on different ports...
Product: MailNews → Core
Product: Core → MailNews Core