Hello,

We recently upgraded our mail server from Exchange 2003 to 2010. There's an external web server which sends secure email from our website to Exchange. This is no longer working correctly and we cannot decommission the 2003 server until the problem is resolved.

From the web server, I've simplified the equation by simply binding with OpenSSL and trying to issue SMTP commands manually. I have no problem establishing the TLS connection. I can issue an EHLO then AUTH LOGIN. I pass the encoded credentials and Exchange replies "DONE" then my connection drops.

I've never seen this before. I've only ever seen authentication successful or unsuccessful. What does "DONE" mean and why does my connection immediately terminate?

If it helps at all, here's the conversation:

Code:
250 CHUNKING
ehlo
250-server.domain.tld Hello [nnn.nnn.nnn.nnn]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING
auth login
334 VXNlcm5hbWU6
BASE64 encoded account
334 UGFzc3dvcmQ6
BASE64 encoded password
DONE
acct@server[/]#

Any assistance would be greatly appreciated. Thanks in advance.

[EDIT]
I performed the same command sequence in a Telnet session and was able to bind as the user. Obviously, this is not a solution as the email is not secured via TLS; however, it makes me think that something's wrong with OpenSSL or the certificate / settings in Exchange 2010.

Here's the handshake from the OpenSSL connection:
Code:
acct@server [~]# openssl s_client -starttls smtp -crlf -connect host.domain.tld:nnn                                              org:446
CONNECTED(00000003)
---
Certificate chain
omitted
---
Server certificate
-----BEGIN CERTIFICATE-----
omitted
-----END CERTIFICATE-----
omitted
---
omitted
---
SSL handshake has read 4974 bytes and written 494 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: omitted
    Session-ID-ctx:
    Master-Key: omitted
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1310418709
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 CHUNKING

There must be something simple that I'm overlooking.
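
Added note and example, not part of the original post: openssl s_client, when run interactively (without -quiet or -ign_eof), acts on any typed line that begins with Q as its own quit command, printing DONE and closing the session, and on a line that begins with R as a renegotiation request, so such lines never reach the SMTP server. The Python sketch below checks which AUTH LOGIN lines would be consumed that way and which leading characters of a credential produce them; the account name, password and function names are constructed for illustration.

```python
import base64

# Interactive s_client (started without -quiet or -ign_eof) acts on the first
# character of each typed line instead of sending the line to the server.
# Only the two long-documented commands are modelled here.
S_CLIENT_COMMANDS = {"Q": "quit", "R": "renegotiate"}


def auth_login_line(value: str) -> str:
    """Base64 line a client sends in reply to a 334 prompt during AUTH LOGIN."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def intercepted(line: str):
    """Action s_client takes on this input line itself, or None if it is sent."""
    return S_CLIENT_COMMANDS.get(line[:1])


def lint_session(lines):
    """(line number, line, action) for every line s_client would consume."""
    return [(n, line, intercepted(line))
            for n, line in enumerate(lines, start=1) if intercepted(line)]


def triggering_first_chars(command: str):
    """Printable ASCII first characters whose encoding starts with `command`.

    The first base64 symbol depends only on the top six bits of the first
    byte, so four adjacent characters map to each command letter.
    """
    return [chr(b) for b in range(0x20, 0x7F)
            if auth_login_line(chr(b))[0] == command]


# Constructed sample input; the account name and password are made up.
SAMPLE_INPUT = [
    "ehlo web01.example",
    "auth login",
    auth_login_line("webmailer"),
    auth_login_line("Correct-horse-1"),
]

if __name__ == "__main__":
    for n, line, action in lint_session(SAMPLE_INPUT):
        print(f"input line {n} ({line!r}): s_client would {action}")
    print("Q:", triggering_first_chars("Q"), "R:", triggering_first_chars("R"))
```

Starting s_client with -quiet or -ign_eof turns this command handling off, so every typed line is passed to the server unchanged.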