STARTTLS issues in mail server MDaemon on Windows Server 2003

Recently, an MDaemon installation on Windows Server 2003 stopped sending messages to, and receiving messages from, some mail servers. As it turned out, the cause is the obsolete SSL/TLS protocol support in Windows Server 2003.

Symptoms (cut from log):

Wed 2015-10-14 10:26:51: [831:6] Session 831; child 6; thread 4364
Wed 2015-10-14 10:26:40: [831:6] Accepting SMTP connection from [xxx.xxx.xxx.xxx:45084]
Wed 2015-10-14 10:26:41: [831:6] --> 220 mail.xxxx.xx ESMTP MDaemon xx.x.x; Wed, 14 Oct 2015 10:26:40 +0500
Wed 2015-10-14 10:26:41: [831:6] <-- EHLO mail.xxxx.xx
Wed 2015-10-14 10:26:41: [831:6] EHLO/HELO response delayed 10 seconds
Wed 2015-10-14 10:26:51: [831:6] --> 250-mail.xxxx.xx Hello mail.xxxx.xx, pleased to meet you
Wed 2015-10-14 10:26:51: [831:6] --> 250-VRFY
Wed 2015-10-14 10:26:51: [831:6] --> 250-EXPN
Wed 2015-10-14 10:26:51: [831:6] --> 250-ETRN
Wed 2015-10-14 10:26:51: [831:6] --> 250-AUTH=LOGIN
Wed 2015-10-14 10:26:51: [831:6] --> 250-AUTH LOGIN CRAM-MD5
Wed 2015-10-14 10:26:51: [831:6] --> 250-8BITMIME
Wed 2015-10-14 10:26:51: [831:6] --> 250-STARTTLS
Wed 2015-10-14 10:26:51: [831:6] --> 250 SIZE 100000000
Wed 2015-10-14 10:26:51: [831:6] <-- STARTTLS
Wed 2015-10-14 10:26:51: [831:6] --> 220 Begin TLS negotiation
Wed 2015-10-14 10:26:51: [831:6] SSL error 80090308
Wed 2015-10-14 10:26:51: [831:6] SMTP session terminated (Bytes in/out: 339/301)

There are two possible solutions:

First option: in MDaemon's Security Settings, in the SSL & TLS section, there is a white list. Add the e-mail domains for which channel encryption should not be used; you can also list the problem mail servers (hosts) there.

Second option: install the Microsoft update that adds support for newer encryption negotiation (cipher suites) to Windows Server 2003. Knowledge base page: https://support.microsoft.com/en-us/kb/948963 (An update is available to add support for the TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA and TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA AES cipher suites in Windows Server 2003).
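To see which remote hosts are affected (for the white list, or to confirm the update fixed them), the inbound log can be scanned for sessions where an SSL error follows "220 Begin TLS negotiation". The script below is an added example, not part of MDaemon; it assumes the inbound line format shown in the excerpt above, and its sample log and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the excerpt above (documentation-range IPs).
SAMPLE_LOG = """\
Wed 2015-10-14 10:26:40: [831:6] Accepting SMTP connection from [192.0.2.10:45084]
Wed 2015-10-14 10:26:51: [831:6] <-- STARTTLS
Wed 2015-10-14 10:26:51: [831:6] --> 220 Begin TLS negotiation
Wed 2015-10-14 10:26:51: [831:6] SSL error 80090308
Wed 2015-10-14 10:26:51: [831:6] SMTP session terminated (Bytes in/out: 339/301)
Wed 2015-10-14 10:27:02: [832:3] Accepting SMTP connection from [198.51.100.7:51200]
Wed 2015-10-14 10:27:03: [832:3] <-- STARTTLS
Wed 2015-10-14 10:27:03: [832:3] --> 220 Begin TLS negotiation
Wed 2015-10-14 10:27:04: [832:3] <-- MAIL FROM:<a@example.org>
Wed 2015-10-14 10:27:05: [832:3] SMTP session terminated (Bytes in/out: 900/420)
"""

# "<day> <date> <time>: [session:child] <message>"
LINE = re.compile(r"^\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \[(\d+:\d+)\] (.*)$")
PEER = re.compile(r"Accepting SMTP connection from \[([^\]:]+):\d+\]")
SSL_ERR = re.compile(r"SSL error ([0-9A-Fa-f]{8})")

def failed_starttls(log_text):
    """Return {peer_ip: [(timestamp, error_code), ...]} for inbound sessions
    in which an SSL error follows '220 Begin TLS negotiation'."""
    peer = {}            # session id -> remote IP
    negotiating = set()  # sessions that have started the TLS handshake
    failures = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, sid, msg = m.groups()
        if (p := PEER.search(msg)):
            peer[sid] = p.group(1)       # new session: remember its peer
            negotiating.discard(sid)
        elif msg.startswith("--> 220 Begin TLS negotiation"):
            negotiating.add(sid)
        elif (e := SSL_ERR.search(msg)) and sid in negotiating:
            failures[peer.get(sid, "unknown")].append((ts, e.group(1)))
            negotiating.discard(sid)
        elif msg.startswith("SMTP session terminated"):
            peer.pop(sid, None)          # session ids may be reused later
            negotiating.discard(sid)
    return dict(failures)

if __name__ == "__main__":
    for ip, events in sorted(failed_starttls(SAMPLE_LOG).items()):
        print(f"{ip}: {len(events)} failed TLS handshake(s), first at {events[0][0]}")
```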

Tags: Windows (EN), mdaemon (en)
