Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Distributed Network Manager => Topic started by: Andrius on July 12, 2007, 09:25:44 PM

Title: Managed cliend does not support SMTP over TLS ?
Post by: Andrius on July 12, 2007, 09:25:44 PM

Does managed client support sending emails using secure SMTP over TLS ?
It seems like it does not support this feauture  ???
Email client Thunderbird.

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Vlk on July 12, 2007, 09:42:29 PM

Hi Andrius,

and welcome to the avast forums.

No, the mail scanner in the current version of avast does not support scanning of SSL/TLS streams.

Thanks
Vlk

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Andrius on July 12, 2007, 11:24:27 PM

Hi Vlk,

thanks for quick reply.
Any plans to release new version with tls support soon?

recently purchased 100 licenses of avast and need tls support...

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Vlk on July 13, 2007, 08:44:48 AM

It depends on your definition of soon but I'm afraid it won't happen too soon...
Honestly, it is not easy. SSL was designed to prevent man-in-the-middle - and that's what the avast mail scanner really is...

BTW you mentioned SMTP - does that mean that you primarily care about outbound mail? Or did you rather mean POP3/IMAP?

Thanks
Vlk

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Andrius on July 13, 2007, 10:31:19 AM

Yes, the question was about outgoing mail.

The problem is that users use TLS for outgoing mail and can't send emails.

How to disable outgoing mail scanner ?

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Vlk on July 13, 2007, 11:11:43 AM

Cannot send emails? That sounds pretty strange... What error message are they getting, exactly?
And is it SMTP on port 25 with STARTTLS, or pure TLS connection on port 465?

Thanks
Vlk

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Andrius on July 13, 2007, 12:17:40 PM

SMTP on port 25 with STARTTLS.
And getting this error with thunderbird:

Sending of message failed.
An error ocured sending mail: Unable to connect to SMTP server x.x.x.x via STARTTLS since it doesn't offer STARTTLS In EHLO reponse. Please verify that your Mail/News account settings are correct and try again.

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: vojtech on July 13, 2007, 12:27:47 PM

Yes, the mail scanner blocks STARTTLS on port 25. To disable SMTP scanning with ADNM, open properties of the respective group in computer catalog and in "Custom ini" tab put these two lines:

[MailScanner]
StartSmtp=0

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Andrius on July 13, 2007, 02:17:57 PM

Where can i find all defined custom ini parameters ?

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Vlk on July 13, 2007, 02:49:55 PM

By default, there are no "custom" settings (just the defaults).
Generally, the Custom INI Settings page is for fine-tuning the configuration (i.e. if there's no GUI control for something, you can usually change it by changing a custom INI setting).

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Andrius on July 13, 2007, 03:06:02 PM

Quote from: Vlk on July 13, 2007, 02:49:55 PM

By default, there are no "custom" settings (just the defaults).
Generally, the Custom INI Settings page is for fine-tuning the configuration (i.e. if there's no GUI control for something, you can usually change it by changing a custom INI setting).

But is there a list of settings that can be used ? 

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Vlk on July 13, 2007, 03:11:32 PM

http://forum.avast.com/index.php?topic=1647.0

But not all of the settings are relevant (and some have dedicated GUI controls).

Cheers
Vlk

Title: Re: Managed cliend does not support SMTP over TLS ?
Post by: Andrius on July 13, 2007, 03:25:47 PM

Thanks.
Waiting for TLS support.