4
Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
Problem reported by Neil Colvin - 6/24/2015 at 4:18 PM
Submitted
When TLS is enabled, the following occurs on EVERY STARTTLS command received.  Only solution is to disable TLS.
This is 14.0.5647.
 
[2015.06.24] 10:49:37 [198.21.5.86][24343486] cmd: STARTTLS
[2015.06.24] 10:49:37 [198.21.5.86][24343486] rsp: 220 Start TLS negotiation
[2015.06.24] 10:49:37 [198.21.5.86][24343486] Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
[2015.06.24]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting, Log log, String sessionId)
[2015.06.24]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting)
[2015.06.24]    at MailService.TcpServerLib.SMTP.SMTPSession.#W8()
 

8 Replies

Reply to Thread
0
Bruce Barnes Replied
Did you properly export the SmarterMail CER file, mapping it to port 25 and 587 (port 25 for MX to MX traffic, and port 587 for client to MX ttaffic)? Are you running under IIS? Did you properly add the primarily, and secondary certificates to the operating system SSL store?
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Neil Colvin Replied
I followed these instructions exactly:
 
portal.smartertools.com/kb/a2671/configure-ssl-tls-to-secure-smartermail.aspx
 
They do not mention most of the steps you mention in your post :(
 
I am running under IIS 7
 
 
0
Bruce Barnes Replied
 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Neil Colvin Replied
I had done all that.  That was when I got the exception.  I have removed the TLS from the ports, and all works perfectly.
0
Matt Petty Replied
Employee Post
SmarterMail 14 supports .pfx files for setting up your SSL for your ports. It might be worth giving that a shot.

When you put the .pfx file in you should see a password field get added to that window, if you have given your .pfx file a password then your going to need to enter it into that field.
Matt Petty Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Bruce Barnes Replied
I just worked on one of these cases for a company in Pittsburgh Pennsylvania, and it turned out to be three issues:
 
  1. the CER file had not been properly exported
  2. the SECONDARY certificates had not been added to the SSL store
  3. the proper certificate had not been mapped to SSL
There is a whole lot more to this than just the SmarterMail portion.
 
additionally, all SSL ciphers are now depreciated and only TLS is allowed, so TLS 1.0, TLS 1.1, and TLS 1.2 must, depending on the capability of the operating system version, have been properly enabled.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Neil Colvin Replied
This is Windows Server 2008 R2.
 
All of the "Test Certificate" ran correctly.
 
The instructions only refer to a single certificate ???
0
Bruce Barnes Replied
Test your MAIL SERVER's fully qualified domain name, IE: mail.yourdomain.com, against this URL and see how it reports:
 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread