How do I send an email in Outlook 2003 via a SSL conncection to an
IMAP server that doesn't require SPA? I can receive messages, but I
can't send them despite using the correct, university-required
settings. The port number is correct (25), my server does require SSL
connections (Georgetown University IMAP servers), I have the correct
login information, my firewall has port 25 open, my anti-virus
software is set to not scan outgoing mail messages, and I have the
correct address (smtp.georgetown.edu). Are there any other settings in
a Windows XP pro machine connected to the university via a LAN
connection that I should be checking?

---

Request for Question Clarification by aht-ga on 18 Sep 2004 21:40 PDT

doc1490-ga:

Assuming that you have correctly followed the instructions at:

http://uis.georgetown.edu/email/clients/outlook2003/outlook.2003.configuring.html

(and from your description, it sounds like you have), then it will be
necessary to trace each step that the outbound mail needs to take to
get to the server, in order to find out where it is being blocked.

The first place to test is your local firewall. Is this a software
firewall, or a hardware firewall? Since you have WinXP Pro, can you
tell us whether you have installed Service Pack 2? If so, are you
using the firewall built into XP Pro? Or are you using a third-party
firewall program? (in which case, which one?) If instead it is a
hardware firewall, can you give us the make and model?

Next, you mention that you are connecting to the university via a LAN
connection. Can you confirm that this LAN connection is directly a
part of the university-managed network, and not a part of a
third-party network instead? (such as an Internet service provider).

Finally, just wondering if you have already contacted the university
IT department for help with this? If so, what was their advice?

Thanks,

aht-ga
Google Answers Researcher

---

Clarification of Question by doc1490-ga on 19 Sep 2004 01:23 PDT

I have followed the instructions provided by UIS (I'm actually an
employee there).  I have downloaded SP2 and that is the source of the
firewall (I don't use a third party software firewall and the
university's harware firewall wouldn't apply on the intranet). As far
as the LAN, I'm in University Housing on campus and is definitely part
of the intranet. Finally, after talking to the IT department (where I
work, actually), the only advice I came up with was to try the
alternate ports for SSL connections for the SMTP (which I did to no
avail), disable AV scanning of outgoing email (which I had already
done), and re-add the account in Outlook (which I've done multiple
times). The computer has recently been reformatted (two weeks ago) and
the only software installed is Windows, Norton AV, Spybot, Adaware,
AIM, and Nero 6 Ultra. I had the same problem with Outlook before I
reformatted, but I assumed the reformatting would take care of it.
Essentially, it seems like there must be an obscure Outlook setting or
one in Windows that is preventing me access. I have run out of ideas
and none of my colleagues have an idea either. The problem is
definitely not with my email account (I have no problem sending mail
from the web-based client) so I'm looking for any other ideas.

---

Request for Question Clarification by aht-ga on 19 Sep 2004 08:02 PDT

The comment below from gopman-ga is the next step I would try, given
your further description of the problem and your attempts to date.
Open up a command prompt:

  Start>Run... and type 'cmd' (no quotes, and hit Enter)

at the command prompt, type:

  TELNET SMTP.GEORGETOWN.EDU 25

to initiate a Telnet session to the SMTP server using port 25.

At this point, several different outcomes may occur. The desired
outcome is that you are able to successfully connect to
smtp.georgetown.edu (or whatever the private name is that the URL
resolves to), and receive a status message back indicating that you
are connected. If so, just type 'quit' to exit... and the problem will
lie elsewhere.

What I think will happen is that you will get a message back saying something like:

'Connecting to smtp.georgetown.edu...Could not open connection to the
host, on port 25:Connection failed'

If that is the case, type the following at the command prompt:

  PING SMTP.GEORGETOWN.EDU

You should then receive a few lines back; in the first line, it will
say something like:

  Pinging smtp.georgetown.edu [141.161.1.17] with 32 bytes of data:

followed by some results lines. When I tried this just now externally,
I received 'Request timed out' responses, most likely because the SMTP
server is configured to ignore external ping requests to prevent
denial-of-service attacks through PING; your results from inside the
university network may be better, and you might actually get Reply
from... responses. If, however, you get something like:

  'Ping request could not find host smtp.georgetown.edu...'

then that would suggest that your DNS settings are not correct.

If the TELNET test fails, but the PING test works, then this would
point towards an XP Pro firewall issue. You mentioned that you have
opened port 25 on your firewall. May I safely assume you mean that you
added port 25 as an exception, using the procedure here?:

http://www.microsoft.com/athome/security/protect/ports.mspx

I'll wait for your confirmation of the TELNET and PING tests before
proceeding further.

Regards,

aht-ga
Google Answers Researcher

---

Clarification of Question by doc1490-ga on 19 Sep 2004 11:35 PDT

I did open port 25 by adding it as an exception to the XP firewall (I
also tried the process with the firewall disabled). As far as the
telnet and ping tests, I was able to connect via telnet on port 25 and
the ping was successful (0% loss). It never seemed that I had
difficulty connecting to the server, but the transfer via an SSL
connection was where the difficulty lies (the port would be the same
with or without SSL for the SMTP).

---

Request for Question Clarification by aht-ga on 19 Sep 2004 17:45 PDT

doc1490-ga:

OK, since it seems you have no problem with connecting to the server,
then the next thing to look at is the communications that occurs
between Outlook and the SMTP server. This way, we'll be able to see if
the problem has to do with the authentication process, or if it is in
the negotiation of the SSL session (which can happen if the
certificate is rejected by your PC for whatever reason). Please follow
the instructions on this MS Knowledge Base article to activate logging
in your Outlook client:

http://support.microsoft.com/default.aspx?scid=kb;en-us;300479

Once logging is activated, attempt to send an e-mail. After the
attempt has failed, shut down Outlook, then go to the location of the
SMTP server log (which is normally C:\Documents and Settings\<logon
name>\Local Settings\temp\OPMLOG.LOG ) and view the OPMLOG.LOG file
using a text editor such as Notepad.

Looking in the log file, look for any error messages that may explain
why the mail isn't getting through, and let me know what you find.

Regards,

aht-ga
Google Answers Researcher

---

Clarification of Question by doc1490-ga on 19 Sep 2004 23:10 PDT

It appears that it's as we expected after viewing the log file...it
connects to the server fine but once it tries to secure that
connection, it jams up. The error message (predictably) is relatively
vague-at least to the point that it doesn't give me any more insight.
I've included the whole log file for reference. Let me know what you
think.



2004.09.20 02:00:25 <<<< Logging Started (level is LTF_TRACE) >>>>
2004.09.20 02:00:25 Resource manager terminated


2004.09.20 02:01:42 <<<< Logging Started (level is LTF_TRACE) >>>>
2004.09.20 02:01:42 GUMail: Synch operation started (flags = 00000001)
2004.09.20 02:01:42 GUMail: UploadItems: 1 messages to send
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): Begin execution
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): Port: 25, Secure: TLS, SPA: no
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): Finding host
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): Connecting to host
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): Connected to host
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx> 220
uis-gumail-2.georgetown.edu ESMTP Sendmail 8.12.10/8.12.10; Mon, 20
Sep 2004 02:01:47 -0400 (EDT)
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): [tx] EHLO bpmlaptop
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx>
250-uis-gumail-2.georgetown.edu Hello wkstn35-45.swq.georgetown.edu
[141.161.35.45], pleased to meet you
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx> 250-ENHANCEDSTATUSCODES
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx> 250-PIPELINING
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx> 250-8BITMIME
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx> 250-SIZE 15728640
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx> 250-DSN
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx> 250-STARTTLS
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx> 250-DELIVERBY
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): <rx> 250 HELP
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): Securing connection
2004.09.20 02:01:42 SMTP (smtp.georgetown.edu): [tx] STARTTLS
2004.09.20 02:01:45 SMTP (smtp.georgetown.edu): <rx> 454 TLS not
available due to temporary reason
2004.09.20 02:01:45 SMTP (smtp.georgetown.edu): Disconnecting from host
2004.09.20 02:01:45 SMTP (smtp.georgetown.edu): Disconnected from host
2004.09.20 02:01:45 SMTP (smtp.georgetown.edu): Port: 25, Secure: SSL, SPA: no
2004.09.20 02:01:45 SMTP (smtp.georgetown.edu): Finding host
2004.09.20 02:01:45 SMTP (smtp.georgetown.edu): Securing connection
2004.09.20 02:01:45 SMTP (smtp.georgetown.edu): Disconnected from host
2004.09.20 02:01:45 SMTP (smtp.georgetown.edu): End execution
2004.09.20 02:01:45 GUMail: ReportStatus: RSF_COMPLETED, hr = 0x800ccc7d
2004.09.20 02:01:45 GUMail: Synch operation completed
2004.09.20 02:01:51 Resource manager terminated

---

Request for Question Clarification by aht-ga on 20 Sep 2004 11:44 PDT

Can you double-check that your anti-virus program is set to not touch
your outgoing e-mail? I found a message thread on the
comp.mail.sendmail Usenet group that discusses a related problem, and
the resolution was that the user's Norton Antivirus was interfering
with the creation of the secure session. Failing that, we will need to
focus our efforts on the interaction between your antivirus program
(which one are you using, by the way?), the XP firewall, and secure
sessions over port 25.

Regards,

aht-ga
Google Answers Researcher

---

Request for Question Clarification by aht-ga on 20 Sep 2004 11:47 PDT

I've come across additional indications on various message forums that
indicates that Norton Antivirus can interfere with the creation of SSL
sessions over port 25, with the resolution being to disable the
scanning of outgoing messages. So, after you have confirmed that your
antivirus program's configuration is indeed set properly, we will need
to investigate whether this is an aspect of SP2 interacting with your
AV program.

Regards,

aht-ga
Google Answers Researcher

---

Clarification of Question by doc1490-ga on 20 Sep 2004 14:50 PDT

I was using Norton 2004 (part of the systemworks bundle, which I
installed) and I had only been scanning incoming emails. It still
wasn't working, so I figured what the hell and reinstalled
Norton...now all is well. You definitely got the answer on that one,
so confirm it. Definitely worth the 15 dollars.

doc1490-ga:

Glad to hear that the problem is gone!

To summarize (for anyone else reading this) the steps taken to narrow
down the cause:

1. Determined that your Outlook account settings were correct in
accordance to the GUMail requirements at:

http://uis.georgetown.edu/email/clients/outlook2003/outlook.2003.configuring.html

2. Confirmed that port 25 traffic was not being impeded by the XP Pro
Firewall, following the process described in the Microsoft Knowledge
Base at:

    http://www.microsoft.com/athome/security/protect/ports.mspx

   and verified using the TELNET and PING tests described in my posting above.

3. Verified that Outlook 2003 was indeed negotiating a connection with
the SMTP server using the log file, as described in the MS KB article
at:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;300479


Upon your posting of the log file contents, I focused on the relevant error line:

    "454 TLS not available due to temporary reason"

and the fact that GUMail's SMTP server uses SendMail 8.12.10 (also
gleaned from the log).

In researching the causes for this, I found the following message
thread in a SendMail forum:

http://www.mailarchive.ca/lists/comp.mail.sendmail/2003-02/0943.html

While not directly related, there were enough references made in the
thread to Norton Antivirus interfering with the setup of a Transport
Layer Security (TLS) session that it became the likely culprit.
Thankfully, that was indeed the case!

If you haven't already done so, it's probably a good idea to pass this
learning on to the folks that support GUMail, in case anyone else runs
into the same problem that you did.

Happy to have helped,

aht-ga
Google Answers Researcher

Researcher was exceptionally thorough, professional, and helpful.
Examined the problem in depth and took a great deal of time in doing
so.

One quick way to help isolate the problem would be to attempt to
telnet to port 25 on the remote mail server (open a command prompt,
type "telnet remoteservername 25"). That way you might see a relevant
error message. If it works, you should see an SMTP banner from the
remote server.

Note that the remote server must be an SMTP server. IMAP is the
protocol to read mail. SMTP is used to send mail. Good Luck.