


Hi Chris,

Yes - I assigned the CA to the IBM SMTP Client in DCM

There was only one CA retrieved by openssl

I do think the problem is related to the IBM SMTP Client and the linking
to the CA as a Wireshark trace does not show any TLS packets.

Thank you for your suggestion

Don Brown





From: Christopher Bipes <chris.bipes@xxxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Cc: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxx>
Date: 25/06/2017 08:46 AM
Subject: RE: SNDDST / Send Email fails on Certificate error
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Did you make the imported CAs trusted for your SMTP Client within DCM
after you imported them?


Chris Bipes
Director of Information Services
CrossCheck, Inc.


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Don Brown
Sent: Friday, June 23, 2017 8:30 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Cc: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxx>
Subject: Re: SNDDST / Send Email fails on Certificate error

Hi Brad,

This one is proving to be a real PITA!!

OK, here are the details.

Retrieve certificates from Exchange server ...

OpenSSL> s_client -connect MAIL.IUA.NET.AU:587 -starttls smtp
CONNECTED(00000114)
depth=0 CN = isuzueml1.isuzu.local
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = isuzueml1.isuzu.local
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/CN=isuzueml1.isuzu.local
i:/CN=isuzueml1.isuzu.local
---
Server certificate
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
subject=/CN=isuzueml1.isuzu.local
issuer=/CN=isuzueml1.isuzu.local
---
No client certificate CA names sent
Peer signing digest: SHA1
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 1743 bytes and written 423 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: 35220000ACDB822A0A9D92F011B2A6ECEC569D9B7E227BEE4560D1FDF4BDA9C9
Session-ID-ctx:
Master-Key: 09C8D5A1EFB353406582658A4B318CC5625DD5264807435542D339A0C37D81A42E66E0748542DF21AA91F35B89A454C9
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1498271234
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
250 CHUNKING
451 4.7.0 Timeout waiting for client input
read:errno=0
OpenSSL>


I then successfully saved the returned certificate to a text file and
converted to DER format, ftp'd to the IBM i and installed as CA into the
*SYSTEM Certificate store.

SNDDST still fails.

Below is most of the trace - I can provide the entire trace if required.

You will see at 06/24/2017 03:08:06.344 that client authentication failed.

If I try and send an email manually from the command line on the IBM i by
using telnet to port 25 of the Exchange server as soon as I enter the
MAIL FROM:don@xxxxxxxxxx the telnet session is dropped.

If I do the same from a DOS box on another server I am able to manually
send and receive the sent email.

It would appear I am still missing something - but what is the mystery!!!

06/24/2017 03:07:26.011 05 000 qtmsclcp.C 00854 ************* CLCP EYE-CATCHER *****************
06/24/2017 03:07:26.020 05 000 qtmsclcp.C 00855 Client Control Program Started
06/24/2017 03:07:26.020 05 000 qtmsclcp.C 00580 >>TOP<< of the CLCP loop
06/24/2017 03:07:26.020 05 000 qtmsclcp.C 00584 Waiting for work
06/24/2017 03:08:01.217 05 000 qtmsclcp.C 00586 Got work
06/24/2017 03:08:01.218 05 000 qtmsclcp.C 00588 Config reprocessed
06/24/2017 03:08:01.218 05 000 qtmsclcp.C 00591 Got piece of work (MCB) from daemon
06/24/2017 03:08:01.219 05 000 qtmsclcp.C 00639 CNEWMAIL STATE -- never sent
06/24/2017 03:08:01.219 05 000 qtmsclnt.C 01444 client_main: started
06/24/2017 03:08:01.219 05 000 qtmsclnt.C 09124 client_main: request param 1,call init_client
06/24/2017 03:08:01.219 05 000 qtmsclnt.C 02257 init_conn_slot: started
06/24/2017 03:08:01.219 05 000 qtmsclnt.C 02314 init_conn_slot: ended
06/24/2017 03:08:01.219 05 000 qtmsclnt.C 01792 init_client: started
06/24/2017 03:08:01.219 05 000 qtmsclnt.C 09124 get_trim_str: to_str length 7,IUA400
06/24/2017 03:08:01.219 05 000 qtmsclnt.C 09124 get_trim_str: to_str length 11,IUA.NET.AU
06/24/2017 03:08:01.219 05 000 qtmsbmxs.C 00164 CLTBNDIP6
06/24/2017 03:08:01.219 05 000 qtmsbmxs.C 00281 Need to load file, and clear array
06/24/2017 03:08:01.221 05 000 qtmsbmxs.C 00385 OPENED DB FILE QUSRSYS/QATMIP6IFC(CLTBNDIP6), #recs = 1
06/24/2017 03:08:01.221 05 000 qtmsbmxs.C 00138 CLTBNDIP4
06/24/2017 03:08:01.228 05 000 qtmsbmxs.C 00281 Need to load file, and clear array
06/24/2017 03:08:01.229 05 000 qtmsbmxs.C 00385 OPENED DB FILE QUSRSYS/QATMIFCLST(CLNTBNDIP), #recs = 1
06/24/2017 03:08:01.229 05 000 qtmsbmxs.C 00926 No CLTBND using inaddrany
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 01858 Client has no binding addr's
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 01861 init_client: ended
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 01553 client_main: ended with return code 0
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 12187 retrieve_addresses start
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 12203 Full Route: <don@xxxxxxxxxx>
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 12203
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 12204 RCPT STATE: 0
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 12241 Absolute Address: don@xxxxxxxxxx
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 12264 HUBSVR being used. All email will be forwarded there
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 12304 Current recipient is <don@xxxxxxxxxx>
06/24/2017 03:08:01.229 05 000 qtmsclnt.C 12304
06/24/2017 03:08:01.236 05 000 qtmsclnt.C 12305 Current email domain is MAIL.IUA.NET.AU
06/24/2017 03:08:01.236 05 000 qtmsclnt.C 12322 Domain has not been resolved yet
06/24/2017 03:08:01.236 05 000 qtmsgmxp.C 00586 host MAIL.IUA.NET.AU was found in LHT,getaddrinfo will retrieve it
06/24/2017 03:08:01.236 05 000 qtmsgmxp.C 00713 name in LHT, treat as Address Record, adding to mx with priorty 0
06/24/2017 03:08:01.244 05 000 qtmsclnt.C 12417 Resolve worked
06/24/2017 03:08:01.244 05 000 qtmsclnt.C 12429 [MX: MAIL.IUA.NET.AU,priority=0]
06/24/2017 03:08:01.244 05 000 qtmsclnt.C 12450 ::ffff:192.168.126.28
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 12469 Listing Rcpt by domain
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 12474 [MAIL.IUA.NET.AU]
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 12478 <don@xxxxxxxxxx>
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 12478
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 12496 retrieve_addresses end
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 01444 client_main: started
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 09124 client_main: request param 3,call ckmailstate
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 01972 newconn: started
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 01979 attempting conns for domain
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 01983 MAIL.IUA.NET.AU
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 02001 There were resolved recipients to send
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 02018 Attempting conn to
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 02019 ::ffff:192.168.126.28
06/24/2017 03:08:01.248 05 000 qtmsclnt.C 02159 getsocket: started
06/24/2017 03:08:01.249 05 000 qtmsclnt.C 09124 getsocket: sk des 0,Options: non-block, min delay
06/24/2017 03:08:01.249 05 000 qtmsclnt.C 02201 getsocket: ended with return code 0
06/24/2017 03:08:01.249 05 000 qtmsclnt.C 02771 attempt_connection: started
06/24/2017 03:08:01.249 05 000 qtmsclnt.C 02787 Socket Des = 0; Connecting to IP Addr = ::ffff:192.168.126.28, port=25
06/24/2017 03:08:01.256 05 000 qtmsclnt.C 09124 attempt_connection: errno 3430,connect INPROGRESS, try POLL
06/24/2017 03:08:01.257 05 000 qtmsclnt.C 02972 attempt_connection: ended with return code 0
06/24/2017 03:08:01.257 05 000 qtmsclnt.C 09124 newconn: done 1,breaking out
06/24/2017 03:08:01.257 05 000 qtmsclnt.C 02097 newconn: ended with return code 0
06/24/2017 03:08:01.257 05 000 qtmsclnt.C 01553 client_main: ended with return code 0
06/24/2017 03:08:01.257 05 000 qtmsclnt.C 01444 client_main: started
06/24/2017 03:08:01.257 05 000 qtmsclnt.C 09124 client_main: request param 4,call processconn
06/24/2017 03:08:01.257 05 000 qtmsclnt.C 02431 processconn: started
06/24/2017 03:08:01.257 05 000 qtmsclnt.C 02436 current state CREPLYOPEN
06/24/2017 03:08:01.257 05 000 qtmsclnt.C 05235 replyopen: started
06/24/2017 03:08:01.260 05 000 qtmsclnt.C 06732 ConnType 0
06/24/2017 03:08:01.260 05 000 qtmsclnt.C 06789 getreplydata: len 97
06/24/2017 03:08:01.260 05 000 qtmsclnt.C 06790 Recv String:
06/24/2017 03:08:01.260 05 000 qtmsclnt.C 06791 220 isuzuEML1.isuzu.local Microsoft ESMTP MAIL Service ready at Sat, 24 Jun 2017
06/24/2017 03:08:01.260 05 000 qtmsclnt.C 06791 13:08:35 +1000
06/24/2017 03:08:01.260 05 000 qtmsclnt.C 06834 getreplydata: len 95,220 isuzuEML1.isuzu.local Microsoft ESMTP MAIL Ser
06/24/2017 03:08:01.260 05 000 qtmsclnt.C 10028 Entering qtms_CheckSSL().
06/24/2017 03:08:01.334 05 000 qtmsclnt.C 10312 Return from qtmf_CheckSSL is 1.
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 09124 replyopen: set conn state to 9,call doehlo
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 03365 doehlo: started
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 09124 doehlo: cmd len 24,EHLO IUA400.IUA.NET.AU
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 03431 Sending String:
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 03432 EHLO IUA400.IUA.NET.AU
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 05056 writecmd: started
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 09124 writecmd: before write offset is 0,in conn_dataline
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 09124 writecmd: all sent, change state to 32,len, off set to 0
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 05180 writecmd: ended with return code 0
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 03444 doehlo: ended with return code 0
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 05335 replyopen: ended with return code 0
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 02704 current state next CREPLYEHLO
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 02707 processconn: ended with return code 0
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 01553 client_main: ended with return code 0
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 01444 client_main: started
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 09124 client_main: request param 4,call processconn
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 02431 processconn: started
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 02436 current state CREPLYEHLO
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 05522 replyehlo: started
06/24/2017 03:08:01.336 05 000 qtmsclnt.C 06732 ConnType 0
06/24/2017 03:08:01.336 05 000 qtmsclnt.C 06789 getreplydata: len 177
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06790 Recv String:
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250-isuzuEML1.isuzu.local Hello ¢192.168.126.12!
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250-SIZE 36700160
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250-PIPELINING
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250-DSN
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250-ENHANCEDSTATUSCODES
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250-STARTTLS
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250-8BITMIME
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250-BINARYMIME
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250 CHUNKING
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06834 getreplydata: len 48,250-isuzuEML1.isuzu.local Hello ¢192.168.126.12!
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 09124 hyphen found in reply: len 48,250-isuzuEML1.isuzu.local Hello ¢192.168.126.12!
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06932 More reply data to come...
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06834 getreplydata: len 17,250-SIZE 36700160
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 09124 hyphen found in reply: len 17,250-SIZE 36700160
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06932 More reply data to come...
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06834 getreplydata: len 14,250-PIPELINING
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 09124 hyphen found in reply: len 14,250-PIPELINING
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06932 More reply data to come...
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06834 getreplydata: len 7,250-DSN
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 09124 hyphen found in reply: len 7,250-DSN
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06932 More reply data to come...
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06834 getreplydata: len 23,250-ENHANCEDSTATUSCODES
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 09124 hyphen found in reply: len 23,250-ENHANCEDSTATUSCODES
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06932 More reply data to come...
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06834 getreplydata: len 12,250-STARTTLS
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06855 STARTTLS support available
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 09124 hyphen found in reply: len 12,250-STARTTLS
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06932 More reply data to come...
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06834 getreplydata: len 12,250-8BITMIME
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 09124 hyphen found in reply: len 12,250-8BITMIME
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06932 More reply data to come...
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06834 getreplydata: len 14,250-BINARYMIME
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 09124 hyphen found in reply: len 14,250-BINARYMIME
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06932 More reply data to come...
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 06834 getreplydata: len 12,250 CHUNKING
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 09124 replyehlo: set conn state to 13,call dostarttls
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 11788 getAuthParm: started
06/24/2017 03:08:01.338 05 000 qtmsclnt.C 09124 getAuthParm: domain= 0,MAIL.IUA.NET.AU
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 11830 Cannot not find key QUSRSYS/QATMSCLTUS/SMTPCLTUSR.
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 11832 errno = '3102
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 11836 id:CPF5006
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 09124 replyehlo: set conn state to 7,call domail
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 05585 WARNING, SSL/TLS support is availabe on the remote server
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 03517 domail: started
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 09124 get_trim_str: to_str length 11,QSECOFR.IUA
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 09124 get_trim_str: to_str length 10,IUA.NET.AU
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 09124 domail: cmd len 36,MAIL FROM:<QSECOFR.IUA@xxxxxxxxxx>
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 03677 Sending String:
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 03678 MAIL FROM:<QSECOFR.IUA@xxxxxxxxxx>
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 05056 writecmd: started
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 09124 writecmd: before write offset is 0,in conn_dataline
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 09124 writecmd: all sent, change state to 23,len, off set to 0
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 05180 writecmd: ended with return code 0
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 03689 domail: ended with return code 0
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 05655 replyehlo: ended with return code 0
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 02704 current state next CREPLYMAIL
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 02707 processconn: ended with return code 0
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 01553 client_main: ended with return code 0
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 01444 client_main: started
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 09124 client_main: request param 4,call processconn
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 02431 processconn: started
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 02436 current state CREPLYMAIL
06/24/2017 03:08:01.340 05 000 qtmsclnt.C 05710 replymail: started
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 06732 ConnType 0
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 06789 getreplydata: len 40
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 06790 Recv String:
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 06791 530 5.7.1 Client was not authenticated
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 06834 getreplydata: len 38,530 5.7.1 Client was not authenticated
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 09124 replymail: command error 5,530 5.7.1 Client was not authenticated
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 09165 cmderror: started
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 09187 cmderror: ended
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 09124 replymail: (error) conn state 6,call doquit
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 04974 doquit: started
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 09124 doquit: cmd len 6,QUIT
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 04988 Sending String:
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 04989 QUIT

Don Brown
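
Added example (not part of the original posts and not IBM code): a Python script that rejoins the e-mail-wrapped trace records and summarizes the SMTP exchange they record: whether the server offered STARTTLS, which commands the client sent, and the first rejection. The sample is an excerpt copied from the trace above; the function names are hypothetical.

```python
import re

# A trace record starts with: date, time, two numeric fields, source file, line number.
REC = re.compile(r"^\d\d/\d\d/\d{4} (\d\d:\d\d:\d\d\.\d{3}) \d+ \d+ \S+ \d+\s*(.*)$")
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # SMTP reply: code, separator, text

# Excerpt of the trace above, still wrapped the way the e-mail wrapped it.
SAMPLE = """\
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 03431 Sending String:
06/24/2017 03:08:01.335 05 000 qtmsclnt.C 03432 EHLO IUA400.IUA.NET.AU
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250-STARTTLS
06/24/2017 03:08:01.337 05 000 qtmsclnt.C 06791 250 CHUNKING
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 11830 Cannot not find key
QUSRSYS/QATMSCLTUS/SMTPCLTUSR.
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 05585 WARNING, SSL/TLS support
is availabe on the remote server
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 03677 Sending String:
06/24/2017 03:08:01.339 05 000 qtmsclnt.C 03678 MAIL
FROM:<QSECOFR.IUA@xxxxxxxxxx>
06/24/2017 03:08:06.344 05 000 qtmsclnt.C 06791 530 5.7.1 Client was not
authenticated
"""

def join_records(text):
    """Return [time, message] pairs, gluing wrapped continuation lines back on."""
    records = []
    for line in text.splitlines():
        m = REC.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif line.strip() and records:
            records[-1][1] = (records[-1][1] + " " + line.strip()).strip()
    return records

def summarize(text):
    """Report what the server offered, what the client sent, and the first rejection."""
    s = {"starttls_offered": False, "commands": [], "rejected": None, "notes": []}
    recs = join_records(text)
    for i, (when, msg) in enumerate(recs):
        reply = REPLY.match(msg)
        if msg == "Sending String:" and i + 1 < len(recs):
            s["commands"].append(recs[i + 1][1])   # the next record is the command
        elif reply and reply.group(3).upper().startswith("STARTTLS"):
            s["starttls_offered"] = True
        elif reply and reply.group(1)[0] in "45" and s["rejected"] is None:
            s["rejected"] = (when, msg)
        elif msg.startswith(("WARNING", "Cannot")):
            s["notes"].append(msg)
    verbs = [c.split()[0].upper() for c in s["commands"] if c]
    # True when MAIL FROM went out with no STARTTLS command before it.
    s["cleartext_mail"] = "MAIL" in verbs and "STARTTLS" not in verbs[:verbs.index("MAIL")]
    s["auth_sent"] = "AUTH" in verbs
    return s

if __name__ == "__main__":
    print(summarize(SAMPLE))
```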

