PeralesAT

Exchange SMTP and Encryption

I'm having a problem with our new Exchange 2010 server. Everything is working fantastically, except for clients (smart phones and email software) that must use SMTP for outgoing mail.

For example, one user's phone won't connect via SMTP. I have the Client Receive Connector set up to use port 587 with TLS encryption, but the phone says the server does not support it.

I can't get Outlook or Thunderbird to connect either. I'm at a loss as to what my next step is.

Any further information that's needed from me?
Exchange_Geek

I can't get Outlook or Thunderbird to connect either.

Connect using SMTP, OL / Thunderbird use POP/IMAP to connect to server and use SMTP to send emails, what is it about these two that you are referring to?

Regards,
Exchange_Geek
PeralesAT

ASKER

They claim that the authentication is not supported when they're configured as I specified on the client receive connector.
=> What sort of authentication are they expecting - that'll be my next question,
=> Which smart phone are they using?
=> Ports 25 are normally used for sending / receiving emails, how come they're talking about 587?

Regards,
Exchange_Geek
Todd Gerbert
Port 587 is commonly used for secure SMTP, and has been designated as such by the Internet Assigned Numbers Authority (www.iana.org, www.wikipedia.org).

Have your receive connectors been set up to listen on port 587? And TLS is enabled?

Hello,

Are you using a self-signed certificate? If so, that certificate would need to be imported into all your devices. If you are using a self-signed cert, you should purchase and switch to a commercial certificate.

JJ
Thanks for the replies guys. Using a Comodo SSL cert. And yes the connector is listening on port 587 with TLS turned on. I even made sure it was allowed through the firewall.
And the various e-mail clients have been specifically set up to connect to the SMTP server on port 587? By default, clients might only try port 25 until you specifically tell them to use 587.

You've verified there are no DNS issues - clients are obtaining the correct IP address for the server?

You can telnet to the server's private IP address on port 587 from a workstation on your network, and you can telnet to the server's public IP address on port 587 from a computer outside of your organization?

Do you use Outlook Web Access, ActiveSync or Outlook Anywhere?
Which security mechanisms are enabled in the authentication tab on the connector that listens on port 587?

Also, do you have some kind of SMTPS inspection on the perimeter firewall?
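
The port 587 checks asked for in the two replies above (is STARTTLS offered, and which authentication mechanisms does the connector advertise), as an added example that is not part of the original thread. The EHLO replies are constructed samples, and `parse_ehlo`, `compare` and `probe` are hypothetical helper names.

```python
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from the asker's server).
SAMPLE_PRE_TLS = [
    "250-mail.example.com Hello [192.0.2.10]",
    "250-SIZE 10485760",
    "250-STARTTLS",
    "250-AUTH GSSAPI NTLM",
    "250 CHUNKING",
]
SAMPLE_POST_TLS = [
    "250-mail.example.com Hello [192.0.2.10]",
    "250-SIZE 10485760",
    "250-AUTH GSSAPI NTLM LOGIN",
    "250 CHUNKING",
]

def parse_ehlo(lines):
    """Return (starttls_offered, auth_mechanisms) from EHLO reply lines."""
    starttls, auth = False, []
    for line in lines:
        # Accept raw "250-..." lines and smtplib's already-stripped form.
        text = line[4:] if line[:3].isdigit() else line
        words = text.upper().split()
        if words[:1] == ["STARTTLS"]:
            starttls = True
        elif words[:1] == ["AUTH"]:
            auth = words[1:]
    return starttls, auth

def compare(pre_tls, post_tls):
    """Show which AUTH mechanisms appear only after the TLS upgrade."""
    starttls, before = parse_ehlo(pre_tls)
    _, after = parse_ehlo(post_tls)
    return {"starttls": starttls, "auth_before_tls": before,
            "auth_after_tls": after,
            "tls_only": [m for m in after if m not in before]}

def probe(host, port=587):
    """Live version of the same check; needs network access to the server."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        pre = s.ehlo_resp.decode(errors="replace").splitlines()
        if not s.has_extn("starttls"):
            return compare(pre, [])
        s.starttls(context=ctx)  # raises ssl.SSLError if the cert is rejected
        s.ehlo()
        return compare(pre, s.ehlo_resp.decode(errors="replace").splitlines())
```

A certificate that fails chain or host-name validation is raised as an exception at the `starttls` call in `probe`; it does not show up anywhere in the EHLO text.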
@tgerbert My friend, I've never heard smart phones asking for authentication for SMTP on SMTPS - for this reason my question was to understand the authentication. Every person on EE who knows Exchange knows the importance and a simple Google search would be enough to understand what is 587 used for.

=> What sort of authentication are they expecting - that'll be my next question,
Are these applications simply wanting to relay across data? If yes, work with the following link to create a relay connector - I've used it on numerous occasions on many clients of mine and it works flawlessly.

=> Which smart phone are they using?
You haven't yet provided specifics on this smart phone details.

=> Ports 25 are normally used for sending / receiving emails, how come they're talking about 587?
Port 587 wouldn't be used by smart phones - they're programmed to use SMTP by default, unless they're using s/w that works only on Secure SMTP. Details on this please.

Regards,
Exchange_Geek
My apologies to the author of the question, but some clarification may be needed about how phones connect to Exchange 2010:
- Most of the phones should be using ActiveSync (new iPhones and new Androids), which is on port 443
- However, the older phones (first generations of iPhone and Androids) didn't support ActiveSync, so they had to use other methods, like SMTP to send messages
- BlackBerry don't support ActiveSync at all, so they have to be configured with BES or BIS+SMTP to send messages
- Port 25 is generally blocked by ISPs for end users in many parts of the world (allowing it to their servers only), so the recommended port for secure submission is 587

More on the ports used in Exchange 2010 http://technet.microsoft.com/en-us/library/bb331973.aspx
@sparerov: I fairly well know the phones of today and the phones of yester-years, that is why to end the controversy the question is raised - no point in us talking at length the phone composition and configuration when the actual phone may be an iPhone that doesn't need port 587 (just as you mentioned port 443). So, for your and my and the thread-sake let us end this discussion here. I think it is a fairly obvious question - if "smartphone" is referred, I'd like to know which smartphone talks on port 587 and its requirement. Agreed?

Regards,
Exchange_Geek
Sorry, was gone for the weekend. Here's how my client receive connector is configured:
The phone is an Android phone that only supports one ActiveSync connection. He uses this connection for his full-time job, not with us. This is why I need to set him up with a connection via SMTP.

Thanks!
The receive connector seems OK to me.

Does it pass the tests of Microsoft Remote Connectivity Analyser at https://www.testexchangeconnectivity.com/ ?

You may have more clues in its report.
Everything checks out okay with ExRCA. Here's the error any time I try and connect via SMTP with Outlook. It's the same result as the Android Phone:

ASKER CERTIFIED SOLUTION
PeralesAT
Good to hear that.

It's strange though that the ExRCA test has passed without correct certificate.
Solved my own question.