Trouble Getting SSL to work in ME Standard 9.10.

Discussion regarding the Standard version.
fbmaxwell
Posts: 24
Joined: Mon Apr 14, 2014 3:52 pm

Trouble Getting SSL to work in ME Standard 9.10.

Post by fbmaxwell »

I was excited to see that ME Standard Edition now includes "SSL and TLS Support". Unfortunately, I've pulled my hair out trying to get it to work with a self-signed certificate.

I've been through every knowledgebase topic on it. I've read every how-to post I can find.

● I've created self-signed certs through IIS.
● I've created them using openssl on a Mac, importing them and trusting their cert. authority.
● I've followed these directions for selecting the cert in ME:
http://www.mailenable.com/documentation ... ption.html
● I've made port 465 an SSL alternate port for SMTP.
● I've checked the box to allow TLS inbound.
● I've tried to follow these directions:
http://www.mailenable.com/kb/Content/Ar ... D=me020479
But my MailEnable server does not have an IME_SYSTEM account. It has IME_ADMIN and IME_USERS. So I've tried giving both of them full access to the imported certificate. That doesn't help.

Everything looks fine (other than the missing IME_SYSTEM user account). I restart all services (not just SMTP). And then try to connect with my Mac Mail client set to use port 465 with "Use SSL" checked.

Every time, I get the following message from the "Connection Doctor":

Code: Select all

Could not connect to this SMTP server. Check your network connection and that you entered the correct information in the Account preferences. Also verify that this server supports SSL.  If it does not, deselect the "Use SSL" checkbox in the Advanced tab of account Preferences.
I am at a loss as to why this won't work and would welcome any help to debug and resolve this problem.

Thanks in advance.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by MailEnable-Ian »

Hi,

Are you able to telnet to port 465 from the mac machine to the server and establish a connection? Try and disable inbound TLS and try again. Are there nay issues in regards to the SSL certificate binding?? Restart the SMTP service and check the debug log file after the service restarts. I.e: **** log file started ******
Regards,

Ian Margarone
MailEnable Support

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by MailEnable-Ian »

Hi,

Please re download the standard 9.10 kit on the downloads page as its a revised version with a fix for the TLS option problem not saving. See if this helps.
Regards,

Ian Margarone
MailEnable Support

fbmaxwell
Posts: 24
Joined: Mon Apr 14, 2014 3:52 pm

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by fbmaxwell »

Hi Ian,

Thanks for your help on this one.

Just in case this is the clue you need, I'm putting it up front:

Code: Select all

03/31/16 02:45:17	SMTP-IN	8D1832B30B6845FF86C43414ECEF48BF.MAI	748	192.168.1.100	STARTTLS	STARTTLS	454 TLS not available due to temporary reason	71	10	
Re-installing from the new v9.10 you directed me to download did not resolve the problem.

Each time I stop and start the SMTP service, I get the log-file-closed/log-file-started messages without errors following.

I did the following:

1. With Inbound TLS enabled and SSL required checked, I successfully established a telnet connection to port 465. Saw no characters.
2. Unchecked SSL Required, restarted SMTP, and did a telnet to port 465. Got my custom message:
"220 {server.domain}.com ESMTP Service Ready at 03/31/16 02:24:42 EST/EDT"
3. I disabled alternate port 465 and restarted SMTP service. Telnet connection to port 465 connection was refused.
4. Enabling/disabling inbound TLS had no effect (did an SMTP restart each time).

On my mail client (Apple Mail, OS X 10.11.4), if I check "Use SSL", the "Connection Doctor" just times out and spits out a connection-failed message. At the time that I click to check it, that's when the STARTTLS error message shows up in the server log.

No errors are shown when I select the certificate.

I'm probably doing something stupid, but I don't know what.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by MailEnable-Ian »

Hi,

The error "454 TLS not available due to temporary reason" usually indicates that there is an SSL certificate binding problem. I think the best way forward here would be to lodge a support ticket and provide the technician with server access so they can troubleshoot in more detail on the server. Try creating a self-signed certificate in IIS and then setting that certificate to be used by the MailEnable services to see if this works.
Regards,

Ian Margarone
MailEnable Support

fbmaxwell
Posts: 24
Joined: Mon Apr 14, 2014 3:52 pm

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by fbmaxwell »

Hi,

Thanks Ian. I created a self-signed cert in IIS 7, which is annoying due to its refusal to let you edit the domain name. I then chose that cert in the ME properties. As I mentioned previously, ME did not create an IME_SYSTEM account, just an IME_ADMIN and IME_MAILENABLE, so I was not able to provide full access for the (non-existent) IME_SYSTEM account. So I did the next best thing I could think of, providing full access to IME_ADMIN and IME_MAILENABLE.

I restarted all services. The same "454 TLS not available due to temporary reason" occurred.

I'm going to try to do some more research before I open a support ticket. I'll post if I arrive at a solution.

Regards,
Fred

Dhanasekar
Posts: 3
Joined: Thu May 12, 2016 5:01 am

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by Dhanasekar »

fbmaxwell wrote:I was excited to see that ME Standard Edition now includes "SSL and TLS Support". Unfortunately, I've pulled my hair out trying to get it to work with a self-signed certificate.

I've been through every knowledgebase topic on it. I've read every how-to post I can find.

● I've created self-signed certs through IIS.
● I've created them using openssl on a Mac, importing them and trusting their cert. authority.
● I've followed these directions for selecting the cert in ME:
http://www.mailenable.com/documentation ... ption.html
● I've made port 465 an SSL alternate port for SMTP.
● I've checked the box to allow TLS inbound.
● I've tried to follow these directions:
http://www.mailenable.com/kb/Content/Ar ... D=me020479
But my MailEnable server does not have an IME_SYSTEM account. It has IME_ADMIN and IME_USERS. So I've tried giving both of them full access to the imported certificate. That doesn't help.

Everything looks fine (other than the missing IME_SYSTEM user account). I restart all services (not just SMTP). And then try to connect with my Mac Mail client set to use port 465 with "Use SSL" checked.

Every time, I get the following message from the "Connection Doctor":

Code: Select all

Could not connect to this SMTP server. Check your network connection and that you entered the correct information in the Account preferences. Also verify that this server supports SSL.  If it does not, deselect the "Use SSL" checkbox in the Advanced tab of account Preferences.
I am at a loss as to why this won't work and would welcome any help to debug and resolve this problem.

Thanks in advance.
Hi Fred & lan,

Fred, I have the same problem as you mentioned. Did you manage to fix the problem. I have spent more time to fix this but I couldn't fix the problem.

Any help would be appreciated.


Thanks,
Dhanasekar
Last edited by Dhanasekar on Mon May 23, 2016 6:17 am, edited 1 time in total.

Dhanasekar
Posts: 3
Joined: Thu May 12, 2016 5:01 am

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by Dhanasekar »

Hi Fred,

I have the exact same problem as you have mentioned. I tried to fix this but I cannot get through this. Did you manage to fix this problem.

Any help would be appreciated.

Thanks,
Dhanasekar

fbmaxwell
Posts: 24
Joined: Mon Apr 14, 2014 3:52 pm

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by fbmaxwell »

Hello Dhanasekar,

I wish that I could report success, but I never did solve the problem -- despite hours of effort trying to. Because I am retired and run MailEnable primarily for my non-commercial, personal domain, I could not justify the costs to handle this with paid ME tech support.

I'm hopeful that this problem will be reported by others and that ME will release a fix as part of a routine update.

Regards,
Fred

Dhanasekar
Posts: 3
Joined: Thu May 12, 2016 5:01 am

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by Dhanasekar »

Thanks for the update Fred. Will wait for ME update.

tinybeetle
Posts: 4
Joined: Mon May 23, 2016 7:05 pm

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by tinybeetle »

When I first installed I made the mistake of checking the use TLS checkbox without having a certificate in place. So I had the temporary STARTTLS error in my logs.

I've gotten TLS 1.2 to work with my MailEnable Standard on both send and receive using a GoDaddy certificate.

However, like you I cannot get SSL/TLS to work with my mail client for SMTP or IMAP. The only thing that works is if I select "none" for security.

Note: Certificates have a "Friendly Name". This name must match the domain name being used in an IIS installation or things just don't work right. Here's an article on how to edit the name - http://serverfault.com/questions/286891 ... ave-a-name

millahjovich
Posts: 4
Joined: Mon Jul 04, 2016 8:13 am

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by millahjovich »

Are you able to telnet to port 465 from the mac machine to the server and establish a connection? Try and disable inbound TLS and try again. Are there nay issues in regards to the SSL certificate binding?? Restart the SMTP service and check the debug log file after the service restarts. I.e: **** log file started ******
[url=https://www.nimblemessaging.com/plugin/wordpress-conference-call-plugin/] Call Conference [/url] ||[url=https://www.nimblemessaging.com/plugin/wordpress-conference-call-plugin/] Conference Calling Plugin [/url] ||[url=https://www.nimblemessaging.com/plugin/wordpress-conference-call-plugin/] Telephone Conference Calling [/url]||[url=https://www.nimblemessaging.com/] Nimble Messaging [/url]

rffuller
Posts: 4
Joined: Fri Sep 02, 2016 4:46 am

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by rffuller »

Hi

I too am having the exact same problem when trying to use SSL with the SMTP connector. Here is the debug log...

[09/03/16 20:09:04]****************** LOG FILE STARTED *******************
09/03/16 20:09:04 ME-I0143: Service Loading Configuration Providers
09/03/16 20:09:04 ME-IXXXX: Loaded Address Map Provider
09/03/16 20:09:04 ME-IXXXX: Loaded Authentication Provider
09/03/16 20:09:04 ME-IXXXX: Loaded MEAISM Configuration Provider
09/03/16 20:09:04 ME-IXXXX: Loaded MEAIDP Directory Provider
09/03/16 20:09:04 ME-IXXXX: Loaded MEAILS Configuration Provider
09/03/16 20:09:04 ME-IXXXX: Loaded Postoffice Configuration Provider
09/03/16 20:09:04 ME-I0073: MEW2KDNS Initialized to use DNS Servers (xx.xx.xx.xx yy.yy.yy.yy)
09/03/16 20:09:04 ME-IXXXX: No plug-in DLL configured
09/03/16 20:09:04 ME-I0141: Service Starting
09/03/16 20:09:04 ME-I0139: Outbound Mail Agent Initialised
09/03/16 20:09:04 ME-I0139: Initializing DomainKeys Extension
09/03/16 20:09:04 ME-I0140: Standard Inbound Mail Agent Initialised
09/03/16 20:09:04 ME-I0065: [SYSTEM] Initalised Send Message Master Thread
09/03/16 20:09:04 ME-I0065: [SYSTEM] Resetting queued messages
09/03/16 20:09:04 ME-I0066: [SYSTEM] No outgoing message files in queue.
09/03/16 20:09:04 ME-I0082: Service binding to all addresses on port (25) for IPv4 family (2). Requires authentication 0
09/03/16 20:09:04 ME-I0085: Service (Alternate) binding to all IPv4 addresses on port (587). Requires authentication 1
09/03/16 20:09:04 ME-IXXXX: Initalised Recv Message Master Thread
09/03/16 20:09:04 ME-I0076: Listening for connections
09/03/16 20:09:04 ME-I0144: Service Completed Loading Agents
09/03/16 20:09:04 ME-IXXXX: Initalised Recv Message Master Thread
09/03/16 20:09:04 Service bound to certificate with name: "mail.xxxxxxxxxx.xxx".
09/03/16 20:09:04 ME-I0076: Listening for connections
09/03/16 20:14:32 [748] SSL recv failed: 10060.
09/03/16 20:14:32 [748] SSL_Handshake negotiation failed
09/03/16 20:14:32 ME-E0xxx: [748] SSL Handshake failed. Closing connection.

I have tried just about every combination I can think of for the TLS and SSL options. All the relevant ports are open on the router and firewall. I can send and receive messages without SSL over port 25 with no problems.

Can anybody offer any suggestions, as I have spent hours trying to get this working.

Regards

Richard

mikewheat
Posts: 5
Joined: Tue Sep 18, 2012 5:01 pm

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by mikewheat »

Hi,

Has anyone figured this out yet?

I am having trouble connecting to MailEnable using IMAP/SMTP and SSL from iPhone email app and iPhone Outlook app.

I have opened up the firewall completely with no success.
I have opened up the firewall on the server completely as well with no success.

I can connect from Outlook on my PC.
I can connect from Thunderbird on the server and on my PC.

I'm pretty sure I have everything set correctly. SSL Certificate installed correctly. I also do not have a ME_System user account on the server.

Why can I not connect using my iPhone???

Please help.

Thank you,
Mike

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Trouble Getting SSL to work in ME Standard 9.10.

Post by MailEnable-Ian »

Hi,

Review the following article to see if this resolves the problem: http://www.mailenable.com/kb/content/ar ... D=me020644
Regards,

Ian Margarone
MailEnable Support

Post Reply