Secure SMTP does not work

[Alan Quirt]

I recently switched to the advanced mail service provided jointly by
Bell Sympatico and MSN. Its main advantage to me is secure (SSL)
connections between mail server and client. That does not give full
protection to mail, of course, but it does reduce the risk involved in
sending and receiving mail via public wireless hot spots.

The secure service works perfectly for receiving mail, using either
Outlook Express or Entourage, but it does not work for sending mail with
either program. I've spent over an hour on the phone with Sympatico
technical support, and their only suggested "solution" is to forget
about sending mail securely and use the old insecure SMTP server.

If I use the secure server but uncheck the authentication option, I get
this message:

A message in your Outbox could not be sent using account "Sympatico."
The server did not recognize the recipients or the server refuses to
allow you to send mail.
5.7.3 Requested action aborted; user not authenticated
Error: 5550

If I do specify authentication I get this message:

The SMTP server for "Sympatico" does not recognize any of the
authentication methods supported by Entourage. To send mail, try
disabling SMTP authentication in the account settings or talk to your
administrator.

An unknown error (5530) occurred

This is particularly frustrating, given that both client and server are
supplied by Microsoft.

Does anyone have any suggestions?

 

[Chris Ridd]

If I use the secure server but uncheck the authentication option, I get
this message:

A message in your Outbox could not be sent using account "Sympatico."
The server did not recognize the recipients or the server refuses to
allow you to send mail.
5.7.3 Requested action aborted; user not authenticated
Error: 5550

If I do specify authentication I get this message:

The SMTP server for "Sympatico" does not recognize any of the
authentication methods supported by Entourage. To send mail, try
disabling SMTP authentication in the account settings or talk to your
administrator.

An unknown error (5530) occurred

This is particularly frustrating, given that both client and server are
supplied by Microsoft.

Does anyone have any suggestions?

Entourage might not have spotted that different authentication methods are
now supported by your SMTP server, and it is persisting with whatever you
previously used.

I'm pretty sure I've observed that (using tcpdump) happening at work, when
we upgraded the SMTP AUTH support in our MTA.

Unfortunately I can't recall how I got Entourage to sort itself out :-(

Presumably the auth method Entourage remembers is associated with your (old)
account. Does creating a new account for your ISP help?

Cheers,

Chris

 

[Alan Quirt]

Entourage might not have spotted that different authentication methods are
now supported by your SMTP server, and it is persisting with whatever you
previously used.

I'm pretty sure I've observed that (using tcpdump) happening at work, when
we upgraded the SMTP AUTH support in our MTA.

Unfortunately I can't recall how I got Entourage to sort itself out :-(

Presumably the auth method Entourage remembers is associated with your (old)
account. Does creating a new account for your ISP help?

Cheers,

Chris

I just tried creating a brand new account and it behaves exactly like
the old one. Authentication is required, but not the kind of
authentication that Entourage is set up to use.

 

[Guest]

I just tried creating a brand new account and it behaves exactly like
the old one. Authentication is required, but not the kind of
authentication that Entourage is set up to use.

No-one seems to have a solution to this. AUTH-SMTP &&|| SSL seems to be
plain broken. Every MUA /except/ for Entougarbage seems to work fine.
Just use Apple Mail. Moreover "Apple Mail" utilizes "mbox" format
mailboxes, making them more standards compliant and therefore compatible by
many degrees of magnitude, thereby placating the fear of a great deal of
heartache in the future.

I will provide a packet-dump, when "Mister Shiny Mac" arrives today.

 

[Barry Wainwright]

No-one seems to have a solution to this. AUTH-SMTP &&|| SSL seems to be
plain broken. Every MUA /except/ for Entougarbage seems to work fine.

Entourage 2004 changed the way it negotiates a secure connection in order to
comply with internet protocol RFC 3207.

It seems some non-compliant server have a problem with this, most notably
ATT. Try the instructions here:
<http://www.entourage.mvps.org/accounts/att.html>

And see if it makes things better.

Just use Apple Mail. Moreover "Apple Mail" utilizes "mbox" format
mailboxes, making them more standards compliant and therefore compatible by
many degrees of magnitude, thereby placating the fear of a great deal of
heartache in the future.

Apples 'MBOX' files are not standard format, but a proprietary apple-only
package format. What's more, the format is changing again in the forthcoming
Tiger release, as has been widely reported.

Entourage is probably the most standards-compliant mail client on the mac
platform. If compliance is your big priority you are better off in
entourage.

 

[Guest]

Entourage 2004 changed the way it negotiates a secure connection in order to
comply with internet protocol RFC 3207.

There is no real standard though. That's the rub with AUTH_SMTP isn't it?
AUTH-SMTP + ESMTP + SECURE NEG for MTA's are actually spread across a
collection of nebulous RFC's...

http://www.google.com.au/search?hl=en&q=auth+smtp+rfc&btnG=Google+Search&meta=

RFC 3207 may be recent, but one has way more favor in selecting/changing an
MTA for a company, rather than MANY MUA's. Which makes more sense in terms
of deployment? Changing the MUA on 100's of workstations, only to realize
that they don't work with the primary MTA, or not changing anything at all,
because all currently deployed MUA's play well with the most widely
deployed MTA's; qmail, sendmail etc?

Given the obvious irony here; That being Microsoft's refusal to adhere to
standards, and subsequent attempts to foist their own "supposed standards"
upon people, does the following not form a perfect-fit-paradigm?

* In order to provide customers with as much compatibility as possible, a
vendor would best serve it's customers by making sure that it's product
operates with the current deployed infrastructure and not a fresh new
standard?

We can surmise:
With market driven product, things break easily...

It seems some non-compliant server have a problem with this, most notably
ATT. Try the instructions here:
<http://www.entourage.mvps.org/accounts/att.html>

And see if it makes things better.

Remember, Entourage is a "fringe" product compared to Outlook + it's
incantations, Eudora etc.

Apples 'MBOX' files are not standard format, but a proprietary apple-only
package format. What's more, the format is changing again in the forthcoming
Tiger release, as has been widely reported.

If you can open 'em up in a text editor, anyone with even basic CLI skills
can import export etc... Moreover, any sysadmin can easily fix stuff.

I had a case just a few weeks ago, where one "rogue" employee who insisted
on installing Entourage, came to me with a broken Entourage Database file.
He lost everything... I just laughed at him.

Entourage is probably the most standards-compliant mail client on the mac
platform. If compliance is your big priority you are better off in
entourage.

Yeah, but as stated above, this doesn't necessarily translate to a problem
free integration into the real world.

 

[Alan Quirt]

Entourage 2004 changed the way it negotiates a secure connection in order to
comply with internet protocol RFC 3207.

It seems some non-compliant server have a problem with this, most notably
ATT. Try the instructions here:
<http://www.entourage.mvps.org/accounts/att.html>

And see if it makes things better.
[/QUOTE]
Thanks for the hint, Barry.

The essence of it seems to be using an Apple SSL helper, which may
change the order in which parameters are negotiated. I have Entourage X
not 2004 (stated in my original post but lost in the quoting) but the
same trick just might work. I will report my results.

By the way the MTA is not ATT, but Sympatico/MSN. I find it ironic that
Microsoft's Entourage cannot negotiate a secure connection to
Microsoft's own secure server.