Alert says "Connection timed out", when it didn't (Mail send) - SMTP SSL timeout

NEW
Unassigned

Status

MailNews Core
Networking: SMTP
8 years ago
2 years ago

People

(Reporter: Michael A. Pasek, Unassigned)

Tracking

1.9.1 Branch
x86
Mac OS X

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [gs], URL)

Attachments

(2 attachments)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.3a1pre) Gecko/20091213 Shredder/3.1a1pre

Attempting to send mail, TB connects to server and attempts to use SSL/TLS (as user had configured it).  Server doesn't have a clue what TB is talking about, and responds with a "500" error.  TB just sits there for 40 seconds, then sends a FIN, then puts up an Alert that says the connection timed out.  But it didn't -- Thunderbird did.  Will attach tcpdump.

Reproducible: Always

Steps to Reproduce:
1.  Configure an SMTP server to point to smtp.sendit.nodak.edu
2.  Configure "SSL/TLS"
3.  Try to send an email.
Actual Results:  
"Connection timed out"

Expected Results:  
"SSL negotiation failure" or "TLS negotiation failure" (whichever was actually being tried).

Ran into this while trying to help a high school student get to a UofND mail account w/TB3.0 (on the Mozilla Messaging forum).  The error kept saying "Connection timed out", so I'm trying to walk him through verifying that port 587 can get out of his computer.  Finally, I cobbled together an account on MY copy of TB (3.1a1pre), and captured the attached 'tcpdump'.  I also got an alert that said the "Connection timed out", when in fact it had not.
(Reporter)

Comment 1

8 years ago
Created attachment 418476 [details]
tcpdump of failed SSL/TLS negotiation
Component: General → Security
QA Contact: general → thunderbird

Comment 2

8 years ago
> 1.  Configure an SMTP server to point to smtp.sendit.nodak.edu
> 2.  Configure "SSL/TLS"

How exactly do you do that? In new Account wizard? In Account Settings? Which exact steps?

Which port do you use? Are you sure you configured SSL and not STARTTLS?

Thee attached tcpdump is just the commandline output. Can you attach the dump itself, please, i.e. tcpdump -w ?
(Reporter)

Comment 3

8 years ago
> How exactly do you do that? In new Account wizard? In Account Settings? Which
> exact steps?
>
> Which port do you use? [...]

See http://www.edutech.nodak.edu/support/mail/clients/thunderbird/

> [...] Are you sure you configured SSL and not STARTTLS?

Yep. 

> The attached tcpdump is just the commandline output. Can you attach the dump
> itself, please, i.e. tcpdump -w ?

I didn't capture the "raw" tcpdump output.  I have, since I did the capture, deleted the account I had set up while I was trying to help the poor kid (see http://getsatisfaction.com/mozilla_messaging/topics/why_cant_i_configure_my_outgoing_server_on_thunderbird).
(Reporter)

Comment 4

8 years ago
P.S.  Just make up an account (I did), then compose an email and try to send it.

Updated

8 years ago
Component: Security → Networking: SMTP
Product: Thunderbird → MailNews Core
QA Contact: thunderbird → networking.smtp
Target Milestone: --- → Thunderbird 3
Version: unspecified → 1.9.1 Branch

Updated

8 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: Thunderbird 3 → ---
(Reporter)

Comment 5

8 years ago
Same thing happens when "SSL/TLS" enabled for Apple's MobileMe accounts.  According to the setup information for Windows Vista Mail (they don't have instructions for Thunderbird), "If you would like to use a secure connection to the email servers, enable both of the "This server requires a secure connection (SSL)" options. The Incoming mail (IMAP) port number automatically changes from 143 to 993, but you will need to manually change the Outgoing server (SMTP) from 25 to 587. If you are configuring the account as POP, the Incoming mail port instead changes from 110 to 995."  It appears that SSL _is_ a valid option.

Will attach tcpdump capture (-w).
(Reporter)

Comment 6

8 years ago
Created attachment 422063 [details]
raw tcpdump capture of failed SSL/TLS connection to smtp.me.com
(Reporter)

Updated

7 years ago
Whiteboard: [gs]
(In reply to comment #3)
> Which port do you use? [...]
> See http://www.edutech.nodak.edu/support/mail/clients/thunderbird/

Confusng but Tb2 showed Tb3's "StartTLS"(use STLS command in SMTP)" as "TLS"( and "TLS, if avail" too) in setting panel, and Tb2 showed Tb3's "SSL/TLS" as "SSL" in setting panel. Such misleading term of Tb2 is already improved by Tb3 or later.

(In reply to comment #0)
> Steps to Reproduce:
> 1.  Configure an SMTP server to point to smtp.sendit.nodak.edu
> 2.  Configure "SSL/TLS"

(In reply to comment #3)
> > [...] Are you sure you configured SSL and not STARTTLS?
> Yep. 

(In reply to comment #5)
> "If you would like to use a secure connection to the email servers,
> enable both of the "This server requires a secure connection (SSL)" options.
> (snip), but you will need to manually change the Outgoing server (SMTP)
> from 25 to 587.

587 is default of "Message Submission Port" which is ordinally used to work around "Outbound Port 25 Blocking" recently, and StartTLS is usually used if secure communication is required for the SMTP session via 587.
For SSL/TLS of SMTP, default port number is 465.
Example: Gmail requests one of next two for Tb's SMTP setting;
  (i) Port=587(25?) + StartTLS, (ii) Port=465 + SSL/TLS

Michael A. Pasek, what is your combination of port number setting and secure connection setting of Tb?
Does your SMTP server support combination of Port=587 + SSL/TLS?
(Reporter)

Comment 8

7 years ago
WADA: See the STR, use port 587 (I know, port 587 isn't a "normal" port -- that's beside the point). You can reproduce this quite simply using any known-good SMTP server (that currently has "STARTTLS" or "None") by changing the "Connection Security" setting to "SSL/TLS".  Now try to send mail.  You KNOW the server is there, and it WILL establish a TCP connection, but TB says the "connection timed out". 
It didn't time out, the server responded with a "500" error (e.g., "Command not understood" or "Command not recognized").  TB should see/recognize the "500" error response from the server, and report to the user that "the server does not support SSL/TLS" (or something similar) instead of "connection timed out"). 

This bug is about:
1) Not recognizing the "500" error response (i.e., a response that is not a "Server Hello"); and,
2) Not relaying appropriate status back to the user.
Questions again.
  - Problem with 587+SSL/TLS, instead of 465+SSL/TLS and 587+StartTLS.
  - No problem, if 465+SSL/TLS, with the SMTP server?
    Or similar problem occurs even when 465+SSL/TLS or 587+StartTLS? 

> "500" error response

Can you attach IMAP level log of Tb?
(Is the "500" error response passed to Tb's IMAP code? Or SSL level error?) 
> https://wiki.mozilla.org/MailNews:Logging
> Win example : SET NSPR_LOG_MODULES=timestamp,imap:5
(Reporter)

Comment 10

7 years ago
I expounded on explanations, and tried to answer WADA's questions via email.  This bug report is not about getting a particular SMTP server to connect with TB, but for TB to give more accurate feedback to the user, as noted in comment #8.  The first part -- if the SSL code is part of "core-something" -- could be submitted as a separate bug with this bug listed in "Blocks:" (if I am interpreting the use of that field correctly).
(Reporter)

Updated

7 years ago
Summary: Alert says "Connection timed out", when it didn't (Mail send) → Alert says "Connection timed out", when it didn't (Mail send) - SMTP SSL timeout
Duplicate of this bug: 592326
You need to log in before you can comment on or make changes to this bug.