TMP QUIT / Disconnect Problem with TLS

Discussion regarding the Standard version.
Post Reply
SimonB
Posts: 3
Joined: Thu Nov 17, 2022 10:34 am

TMP QUIT / Disconnect Problem with TLS

Post by SimonB »

Hi

We use MailEnable as part of Plesk on a Windows webserver

We recently updated to Plesk v18.0.48 and with it MailEnable Standard v10.42

After the update we are experiencing some problem using SMTP with TLS (port 587), it appears the QUIT command no longer causes the server to disconnect the STMP connection.

We have Plesk running on an Azure VM (Windows Server 2019) so use MailEnable to send emails to SendGrid for distribution.

If we send emails from our email client to our webserver using SMTP Port 587 with Explicit TLS, the email sends fine, but when the email client sends the QUIT command the server responds `221 Service closing TLS SSL transmission session` but the server does not close the session.

If we turn off Explicit TLS and swap to port 25, the response from the QUIT command is `21 Service closing transmission channel` and the server closes the session.

We have tried downgrading MailEnable to an older version, but the problem persisted, we also tried updating it to v10.43 with no luck.

The mail client we are using hasn't been updated

Has anyone experienced this or have any idea what we could check / test to try and fix this problem?

Ideally we don't want to tell all out customers to turn off TLS

Here is the end of the STMP logs, in case that help


TLS enabled

Code: Select all

> .
< 250 Requested mail action okay, completed
> QUIT
< 221 Service closing TLS SSL transmission session

TLS not enabled

Code: Select all

> .
< 250 Requested mail action okay, completed
> QUIT
< 221 Service closing transmission channel

Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: TMP QUIT / Disconnect Problem with TLS

Post by Admin »

Hi,

MailEnable will close the connection after it receives the response from the remote server. I am not sure of the problem you are getting. Likely since the connection is using TLS the QUIT is being used to drop out of the secure channel. But I can't see what actual problem you are getting with sending email (apart from the difference in the text response from the remote server), sorry.

SimonB
Posts: 3
Joined: Thu Nov 17, 2022 10:34 am

Re: TMP QUIT / Disconnect Problem with TLS

Post by SimonB »

When we send QUIT with TLS enabled, we get a `221 Service closing TLS SSL transmission session` response back from mailEnable, but mailEnable or the server running it doen't close the connection. leaving the connection open until it times out in our software.

Where is what the SMTP connections look like a minute after sending QUIT

Image

With TLS turned off, the connection is closed from the servers side after the QUIT command is received.

Sorry I am not very familiar with STMP commands, so most if my knowledge is from googling to try and fix this issuee.

From my understanding when the QUIT command is recived the server should close the connection

From wikipedia (https://en.wikipedia.org/wiki/List_of_SMTP_server_return_codes)
C: QUIT
S: 221 2.0.0 Goodbye
{The server closes the connection}
By server is read this to be mailEnable or the server running it.

So our software is waiting for the connection to be closed server side, but that never happens.

Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: TMP QUIT / Disconnect Problem with TLS

Post by Admin »

Hi,

Can you try the following hotfix? It should address this issue:

https://www.mailenable.com/hotfix/MESMTPC_64.zip

To install:
1) Stop the SMTP service
2) Rename the Mail Enable\bin64\MESMTPC.EXE file so you can roll back this hotfix
3) Extract the zip file from the link above to the Mail Enable\bin64 directory
4) Start the SMTP service

SimonB
Posts: 3
Joined: Thu Nov 17, 2022 10:34 am

Re: TMP QUIT / Disconnect Problem with TLS

Post by SimonB »

Hi

I've Tetsted the hot fix and it worked perfectly, I get the bellow responses then the server closes the session

Code: Select all

< 250 Requested mail action okay, completed
> QUIT
< 221 Service closing TLS SSL transmission session
I rolled the hot fix back just to confirm the problem retuned and it did, so the hot fix loosk to have resolved the problem.

Thanks so much for your help :D

Is this hot fix production ready or should I wait for the next release of ME before leaving it on a production server?

Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: TMP QUIT / Disconnect Problem with TLS

Post by Admin »

Hi,

It should be fine in production. That is the only change in the service. It will be in the next minor beta.

VFSKeith
Posts: 22
Joined: Thu Oct 02, 2014 7:02 pm

Re: TMP QUIT / Disconnect Problem with TLS

Post by VFSKeith »

We are having almost identical behavior for POPS. We applied the security update from October which put us on 9.85 and ever since then there have been open connections stuck on the QUIT command... then they time out. This causes connections to stack and eventually the service is too flooded to respond
Thank You,

Keith Damron
VF

VFSKeith
Posts: 22
Joined: Thu Oct 02, 2014 7:02 pm

Re: TMP QUIT / Disconnect Problem with TLS

Post by VFSKeith »

VFSKeith wrote:
Tue Nov 29, 2022 9:30 pm
We are having almost identical behavior for POPS. We applied the security update from October which put us on 9.85 and ever since then there have been open connections stuck on the QUIT command... then they time out. This causes connections to stack and eventually the service is too flooded to respond
Anybody here? Our last Mailenable server may need to be abandoned if nothing can be done. Datacenter has exhausted all other possibilities.
Thank You,

Keith Damron
VF

Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: TMP QUIT / Disconnect Problem with TLS

Post by Admin »

The POP service doesn't have the issue, sorry, since it does not have the same command the IMAP service does. It may be something else. I have tested with over SSL and it quits for me. Can you try using openssl to see if it quits? I used:

openssl s_client -connect localhost:995

Do you see the connections under the POP/Connections list in the admin program?

Post Reply