July 11th, 2011, 04:40 PM
Exchange 2010 / Openssl AUTH LOGIN not working
We recently upgraded our mail server from Exchange 2003 to 2010. There's an external web server which sends secure email from our website to Exchange. This is no longer working correctly and we can not decommission the 2003 server until the problem is resolved.
From the web server, I've simplified the equation by simply binding with OpenSSL and trying to issue SMTP commands manually. I have no problem establishing the TLS connection. I can issue an EHLO then AUTH LOGIN. I pass the encoded credentials and Exchange replies "DONE" then my connection drops.
I've never seen this before. I've only ever seen authentication successful or unsuccessful. What does "DONE" mean and why does my connection immediately terminate?
If it helps at all, here's the conversation:
Any assistance would be greatly appreciated. Thanks in advance.
250-server.domain.tld Hello [nnn.nnn.nnn.nnn]
BASE64 encoded account
BASE64 encoded password
I performed the same command sequence in a Telnet session and was able to bind as the user. Obviously, this is not a solution as the email is not secured via TLS; however, it makes me think that something's wrong with OpenSSL or the certificate / settings in Exchange 2010.
Here's the handshake from the OpenSSL connection:
There must be something simple that I'm overlooking.
acct@server [~]# openssl s_client -starttls smtp -crlf -connect host.domain.tld:nnn org:446
SSL handshake has read 4974 bytes and written 494 bytes
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Protocol : TLSv1
Cipher : AES128-SHA
Key-Arg : None
Krb5 Principal: None
Start Time: 1310418709
Timeout : 300 (sec)
Verify return code: 0 (ok)