SSL Probing broken in Mail.app
| Originator: | oliver.drobnik | ||
| Number: | rdar://12495607 | Date Originated: | Oct 14, 2012 |
| Status: | Open | Resolved: | |
| Product: | Mac OS X | Product Version: | 10.8.2 |
| Classification: | Serious Bug | Reproducible: | Always |
Summary:
A mail server that is configured to use SSL over port 25 will block communication with Macs because they try to connect via encrypted connection before sending STARTTLS.

Steps to Reproduce:
Configure a Linux-based mail server to only use port 25 and only accept SSL connections.

Expected Results:
Mail.app should be able to connect and send mails. Connection Doctor should show a green light.

Actual Results:
Mail server blocks communication and logs such messages:

Oct-14-12 10:34:48 [Worker_3] 212.183.126.246 [EarlyTalker] got 'non printable hex data' from the client before the '220 ...' server greeting was sent - rejecting connection
Oct-14-12 10:34:48 [Worker_3] 212.183.126.246 [EarlyTalker] All connections from IP 212.183.126.246 will be rejected by assp for the next 15-30 minutes.
Oct-14-12 10:34:52 [Worker_2] 212.183.126.246:55922 ATTENTION ! The EMERGENCY blocking for this IP will be lifted after an ASSP restart or at least in 15 minutes

Regression:
This was working fine in earlier OS X versions.

Notes:
My Linux admin told me that most likely the order in which mail.app tries to connect is incorrect. For connecting to port 25 it should first send the ordinary greeting stuff and then switch to SSL via the STARTTLS command.
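The 'non printable hex data' arriving before the '220 ...' greeting in the log above is consistent with a TLS ClientHello sent to a listener that expects plain SMTP followed by STARTTLS. The following is an added example, not part of the report and not ASSP's code, that classifies the first bytes a client sends; the function names, result labels and sample bytes are constructed for illustration.

```python
import string

PRINTABLE = set(string.printable.encode())
SMTP_VERBS = (b"EHLO", b"HELO", b"STARTTLS", b"MAIL", b"RCPT",
              b"DATA", b"RSET", b"NOOP", b"QUIT")

# Constructed sample: first bytes of a TLS record carrying a ClientHello
# (type 0x16, version 0x03 0x01, 2-byte length, handshake type 0x01).
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c5010000c10303")


def looks_like_tls_client_hello(data: bytes) -> bool:
    """True if data starts with a TLS handshake record holding a ClientHello."""
    return (
        len(data) >= 6
        and data[0] == 0x16      # record content type: handshake
        and data[1] == 0x03      # major version (SSL 3.0 / TLS 1.x)
        and data[2] <= 0x04      # minor version
        and data[5] == 0x01      # handshake type: ClientHello
    )


def classify_client_bytes(data: bytes, greeting_sent: bool) -> str:
    """Classify the first bytes a client sends on an SMTP listener."""
    if not data:
        return "no-data"
    if looks_like_tls_client_hello(data):
        # Client assumed implicit TLS instead of waiting for 220 and
        # issuing STARTTLS: the case the log lines above describe.
        if not greeting_sent:
            return "implicit-tls-before-greeting"
        return "tls-without-starttls"
    if not all(b in PRINTABLE for b in data):
        return "binary-garbage"
    if not greeting_sent:
        # Well-formed text, but sent before the server's 220 banner.
        return "early-talker"
    words = data.split(None, 1)
    verb = words[0].upper() if words else b""
    return "smtp-command" if verb in SMTP_VERBS else "unknown-command"


if __name__ == "__main__":
    print(classify_client_bytes(SAMPLE_CLIENT_HELLO, greeting_sent=False))
    print(classify_client_bytes(b"EHLO client.example\r\n", greeting_sent=True))
```

Logging the "implicit-tls-before-greeting" case separately from generic early talkers lets an administrator tell a misconfigured mail client apart from a spam bot before an IP block is applied.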