TLS on 110/143 No Longer Work

Problem reported by Scarab - 9/4/2018 at 4:49 PM

Resolved

We apparently picked a bad time to migrate SmarterMail to a new server. Labor day weekend we migrated to a WinServer 2016 and upgraded to Enterprise v16.3.6816. Everything seemed to be fine over the weekend until Tuesday morning when the majority of our users logged in and things started to fall apart where no one was able to connect via IMAP or POP over TLS.

We installed update v16.3.6821 after reading the community threads. That didn't resolve the problem for us. We rebooted, but no dice.

We uninstalled v16.3.6821, rebooted, re-installed v16.3.6809 and rebooted again but IMAP and POP are still not working with TLS.

The Microsoft Remote Connectivity Analyzer is giving the following:

There was an error testing the IMAP service

S: * OK IMAP4rev1 SmarterMail

C: 1 CAPABILITY

S: * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 UIDPLUS QUOTA XLIST CHILDREN IDLE STARTTLS

C: 2 STARTTLS

S: 1 OK CAPABILITY completed

System.IO.IOException: The handshake failed due to an unexpected packet format.

at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)

at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)

at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolTester.SecureConnection()

at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()

Elapsed Time: 849 ms.

There was an error testing the POP service.

S: +OK POP3 server ready <aa6a1f12-e581-45ae-9a0c-29ab79dd44da@smartermail.scarabmedia.com>

C: CAPA

S: +OK Capability list follows

TOP

USER

UIDL

STLS

IMPLEMENTATION Smartertools_SmarterMail_1.5

.

C: STLS

S: +OK Start TLS negotiation

Secured: CN=smartermail.scarabmedia.com, OU=Domain Control Validated

C: CAPA

S: +

Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.MailProtocolException: +

at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.Pop3ProtocolTester.SendCommand(String command, String logString)

at Microsoft.Exchange.Tools.ExRca.Tests.ImapPop.BaseProtocolTest.PerformTestReally()

Elapsed Time: 1260 ms.

We re-enabled SSL on Ports 993/995/465 and those work fine. We reissued the Certs, re-exported them to PKCS #12 .PFX files, tried DER .cer format too. We ran IISCrypto and set everything back to server defaults. We disabled TCP & UDP Offload on the NICs. Nothing seems to make TLS work any longer, whereas it was testing fine before this morning and Webmail works fine over TLS 1.2. I'm at a complete loss of what else to try.

Any ideas?

19 Replies

Reply to Thread

Paul Blank Replied

9/4/2018 at 8:49 PM

Scarab, thanks for the info! (alas, I have no ideas about the TLS issues)

I actually migrated to a new server this past weekend as well, from an earlier version of SM, but used 15.7.6782 on the new machine - I decided even before the reports started coming in to hold off on .6821 for now - I don't use the anti-spam features (we use Symantec email security.cloud for in/outbound filtering), and figured the lighter load on the server would make us OK.

The migration went very well, with very few problems - I did my homework, it seems - and SM seems to be behaving, user experience and server resource-wise as well.

Besides the usual collection of smartphone users (mostly IOS), and most desktop users on webmail, we also have users on Thunderbird, Mac Mail, and Eudora(!) with POP3 (Eudora's IMAP implementation never worked right, and never will; Eudora's last version is something like 15 years old).

Ultimately, most users on this server will end up on Office 365; a few mailboxes will probably remain on SM.

As I said earlier on here somewhere, I am holding off upgrading from 15.7.6782 for awhile to see how .6821 shakes out.

Will be following this thread and others. Good luck to all of us!

Derek Curtis Replied

9/5/2018 at 9:44 AM

Employee Post

TLS issues are new, and I don't think they would have been caused by the TCP issues that were fixed with yesterday's build. We don't have any other reports of TLS issues (apart from some insecure connection errors)..nothing like what you have listed. I'll bring this to the devs and see if someone can chime in.

Derek Curtis

COO

SmarterTools Inc.

(877) 357-6278

www.smartertools.com

Scarab Replied

9/5/2018 at 1:03 PM

Thanks Derek.

We've isolated the issue to MacOS & iOS clients (any email clients) and Outlook clients (any OS). Mozilla Thunderbird, eM Client, and Windows Mail are able to connect via POP-TLS or IMAP-TLS on Windows just fine. Android is fine too.

Some Mac Mail apps are able to connect but fail on Cram-MD5 Authentication, depending on the MacOS version (Sierra and before...whereas Thunderbird on MacOS Sierra connects but displays an insecure connection warning), but High Sierra and iOS 11 won't connect at all. Outlook 2003 - 2016 gives the error: "reported error (0x800CCC0F): 'The connection to the server was interruped. If this problem continues, contact your server administrator or Internet service provider (ISP)"

Scarab Replied

9/6/2018 at 1:21 PM

I tried creating brand new Ports for TLS and assigning them to a new IP address in SETTINGS > BINDINGS, installed a new Cert and exported it in PKCS#12 format to the file used in the Port assignments, and re-ran the connection tests using the Microsoft Remote Connectivity Analyzer and the same problem occurs. So that rules out that the mailConfig.xml may have gotten corrupted or that the MailService wasn't reading any updates to that file.

It's beginning to look like a STARTTLS issue. A connection can be made to those ports but when TLS negotiation begins (STARTTLS/STLS) it fails for Outlook and MacOS/iOS users, yet other email clients on Windows, Linux, and Android are able to negotiate STARTTLS just fine on those ports. I can rule out any Schannel settings such as Protocols, Ciphers, Hashes, Key Exchanges, and Cipher Suites as other clients can connect to POP-TLS and IMAP-TLS, just not MacOS/iOS & Outlook users. Something amiss is happening at the Application Layer with the SmarterMail service after the CAPA/CAPABILITY commands.

At this point we are directing clients to disable TLS in their email clients for existing accounts (they are S.O.L. if they need to add their account anew to the Mail app on MacOS/iOS) or to use EWS as a secure alternative (if their email client supports it).

I'm really at a loss as to what else to try. Derek, did the dev team come up with any findings or ideas?

Derek Curtis Replied

9/6/2018 at 1:57 PM

Employee Post

I've had a couple of devs look at this post and the steps you've taken, even those taken since I last posted. Unfortunately, they both said the same thing: any troubleshooting they'd recommend you've already tried. Did you try re-upgrading to 6821 with the new port/cert? Otherwise, this may need us to take a deeper dive via a support ticket and server access.

Derek Curtis

COO

SmarterTools Inc.

(877) 357-6278

www.smartertools.com

Scarab Replied

9/6/2018 at 2:14 PM

Derek,

Since rolling back to 6809 didn't resolve the issue we uninstalled, rebooted, and re-installed 6821 which we are running currently. We did this on 9/5, so my last steps of adding new ports & bindings were all done on the latest & greatest.

We still have the same credentials in Smartermail for your Support as you used in our last Support Ticket. They are more than welcome to login to the Smartermail interface. If they need RDP access, however, I'll have to re-set that up.

Matt Petty Replied

9/7/2018 at 7:24 AM

Employee Post

Do you have any issues with the other ports 993, 995 and 465?
Trying to put a full picture together. I also have a ssl tool I made recently that I might to to add a small function to allowing client tests. Allows me to get more detailed information while still using the same .net environment allowing me to replicate things that SM might do.

Matt Petty

Software Developer

SmarterTools Inc.

(877) 357-6278

www.smartertools.com

Scarab Replied

9/7/2018 at 9:19 AM

Matt,

All email clients on every OS seem to be working with the Implicit Ports that are set to SSL (993, 995, 465). The problem only seems to be with the Explicit ports set with TLS (25, 110, 143) that use unencrypted connections for the initial connection and switch to secure when STARTTLS/STLS commands are given by the client. Those clients having an issue complain that the connection is reset or that handshake fails during negotiation on the Explicit ports, whereas they are able to successfully negotiate a connection when the encryption is Implicit.

TBH, not sure where Port 587 stands in all of this. I would assume since it is Explicit these same clients would have an issue with it but honestly troubleshooting never got that far.

Matt Petty Replied

9/7/2018 at 10:16 AM

Employee Post

Issues with those ports ( talking about 25 specifically) have been getting blocked lately. ISP blocking inbound port 25 has been common but within the past year I've noticed that my ISP has now actually started blocking OUTBOUND port 25, breaking my clients and tests sometimes unless I give them an alternative port, when I work from home. That is not the issue here but I'm just giving my experience as something to keep note of when working with clients.

The tool I just wrote to test TLS connections, I was actually trying to figure out why I couldn't get it to work with external connections and it tripped my up for a few minutes that I was trying port 25 and I'm working from home today.

Matt Petty

Software Developer

SmarterTools Inc.

(877) 357-6278

www.smartertools.com

Matt Petty Replied

9/7/2018 at 10:19 AM

Employee Post

I'll privately message the details to you on how to use it. It's nothing crazy just connects to using to a hostname and port using SMTP and initiates STARTTLS and print some information about the connection. I made sure to write it using the exact same mechanisms that SM uses for creating and securing connections.

Matt Petty

Software Developer

SmarterTools Inc.

(877) 357-6278

www.smartertools.com

Scarab Replied

9/7/2018 at 11:02 AM

Matt,

I ran the app you sent (had to remember that my work computer has Avast! that redirects 110,143,25 ports by default and manually disable that). Here are the results:

Smtp server hostname (result from MX): smartermail.scarabmedia.com	
Smtp server remote Port: 587
Local IP to bind to (leave blank to use default):
remoteIP: 207.55.232.8
hostName: smartermail.scarabmedia.com
port: 587
Connect Success!
Connection Info
Protocol: Tls12
CipherAlorithm: Aes256
CipherStrength: 256
HashAlgorithm: Sha384
HashStrength: 0
KeyExchangeAlgorithm: DiffieHellman
KeyExchangeStrength: 2048

Smtp server hostname (result from MX): smartermail.scarabmedia.com	
Smtp server remote Port: 25
Local IP to bind to (leave blank to use default):
remoteIP: 207.55.232.8
hostName: smartermail.scarabmedia.com
port: 25
Connect Success!
Connection Info
Protocol: Tls12
CipherAlorithm: Aes256
CipherStrength: 256
HashAlgorithm: Sha384
HashStrength: 0
KeyExchangeAlgorithm: DiffieHellman
KeyExchangeStrength: 2048

Smtp server hostname (result from MX): smartermail.scarabmedia.com	
Smtp server remote Port: 465
Local IP to bind to (leave blank to use default):
remoteIP: 207.55.232.8
hostName: smartermail.scarabmedia.com
port: 465
Exception:System.Net.Sockets.SocketException (0x80004005): An existing connection was forcibly closed by the remote host
	at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
	at TLSTest.Program.Main(String[] args)

For reference here is the Bindings section of our mailConfig.xml

  <!-- ** IP Binding Settings ***************************** -->
  <IPBindingManager>
    <IPBindingPort>
      <UID>cb0cd2c183564192b73d020fb4dbeeec</UID>
      <Name>SMTP</Name>
      <Port>25</Port>
      <Description>Default SMTP Port</Description>
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath />
      <Password />
    </IPBindingPort>
    <IPBindingPort>
      <UID>9bedce85a9844bddb8cf191064beb342</UID>
      <Name>POP</Name>
      <Port>110</Port>
      <Description>Default POP Port</Description>
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath />
      <Password />
    </IPBindingPort>
    <IPBindingPort>
      <UID>7b6a2f0f828e479988cb33c00a1e1dfd</UID>
      <Name>LDAP</Name>
      <Port>389</Port>
      <Description>Default LDAP Port</Description>
      <Type>LDAP</Type>
      <isTLS>False</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath />
      <Password />
    </IPBindingPort>
    <IPBindingPort>
      <UID>3ec33a96509740a0bad90f7bd57182ec</UID>
      <Name>Submission Port TLS</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\smartermail.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>6693010d63ad404a8516c5b98348d097</UID>
      <Name>SMTP SSL</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\smartermail.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>c9c751b1aacf4d61a22ec9a8c3d5e555</UID>
      <Name>POP SSL</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\smartermail.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>7836cd8778e94ae9953847f581811913</UID>
      <Name>SMTP TLS</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\smartermail.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>a1bcb3b8580b4abd900633561aa1b0ec</UID>
      <Name>POP TLS</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\smartermail.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>e0baa3300bbb4d339ef85b6e051379f0</UID>
      <Name>XMPP</Name>
      <Port>5222</Port>
      <Description>Default XMPP Client Port</Description>
      <Type>XMPP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\smartermail.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>bdc75e0ba64f408eadd410192d877fde</UID>
      <Name>IMAP TLS</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\smartermail.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>b4fc69efc59d4c8e892bd6eddf867017</UID>
      <Name>IMAP SSL</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\smartermail.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>7f16dd1529114d948228ea6a57867e5f</UID>
      <Name>IMAP</Name>
      <Port>143</Port>
      <Description>Default IMAP Port</Description>
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath />
      <Password />
    </IPBindingPort>
    <IPBindingPort>
      <UID>e1e481c1bef143e5b84823c25712f4fe</UID>
      <Name>Submission Port</Name>
      <Port>587</Port>
      <Description>Default Submission Port</Description>
      <Type>Submission</Type>
      <isTLS>False</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath />
      <Password />
    </IPBindingPort>
    <IPBindingPort>
      <UID>11b1fb6650fc4c81a9b25ece431795c7</UID>
      <Name>SMTP TLS - Ashlandhome.net</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandhome.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>290a33953deb4d4aaf91991240f42f7b</UID>
      <Name>POP TLS - Ashlandhome.net</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandhome.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>de97afd422bd4354bc729b33d2e43926</UID>
      <Name>IMAP TLS - Ashlandhome.net</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandhome.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>3abb010883ed4ffebe91f297ca836edc</UID>
      <Name>Submission Port TLS - Ashlandhome.net</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandhome.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>08b18ad6a1374281ad7f7db20b33cfc9</UID>
      <Name>POP SSL - Ashlandhome.net</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandhome.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>eca4dc4d10174c96b7b5dd892face195</UID>
      <Name>IMAP SSL - Ashlandhome.net</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandhome.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>c7dd61b055254ff0b8e2ecca981a2f06</UID>
      <Name>SMTP SSL - Ashlandhome.net</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandhome.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>b2031b532a8b4bd1b3989092bfd114b0</UID>
      <Name>SMTP TLS - Mtashland.net</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.mtashland.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>568fbb0ec7c741a5b4411873acf466d9</UID>
      <Name>POP TLS - Mtashland.net</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.mtashland.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>609131de6f3c49fca5713e37cb691063</UID>
      <Name>IMAP TLS - Mtashland.net</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.mtashland.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>6736fd97a2ae4cf4918af360391bd1c1</UID>
      <Name>SMTP SSL - Mtashland.net</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.mtashland.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>a6d23d9ddc9e4b9281041c157a218055</UID>
      <Name>Submission Port TLS - Mtashland.net</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.mtashland.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>b20c62efd20b43adbf8a455b22a58aca</UID>
      <Name>IMAP SSL - Mtashland.net</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.mtashland.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>bbc183548bec4b01aea2b4a23846384f</UID>
      <Name>POP SSL - Mtashland.net</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.mtashland.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>b7bd5da8a126414db4e5ef34574d44e0</UID>
      <Name>SMTP TLS - Ashlandnet.net</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandnet.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>c552ff9fb9d74b9b9740643b79b10616</UID>
      <Name>POP TLS - Ashlandnet.net</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandnet.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>93311735e460430597cd00dfe38094ce</UID>
      <Name>IMAP TLS - Ashlandnet.net</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandnet.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>bc394304047044f1ac5845613eedfb29</UID>
      <Name>SMTP SSL - Ashlandnet.net</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandnet.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>3492c9630c2b4ddb905935936bfed42e</UID>
      <Name>Submission Port TLS - Ashlandnet.net</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandnet.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>89b4927797014544aabb9919c231144d</UID>
      <Name>IMAP SSL - Ashlandnet.net</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandnet.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>d2194d2039c141678dd7bba33f9f74dd</UID>
      <Name>POP SSL - Ashlandnet.net</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandnet.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>0ed7e90e42cb417bb8effc7f85eabddd</UID>
      <Name>SMTP TLS - Ashlandoregon.org</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandoregon.org.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>f133397c149c4905a343e10baeb9556e</UID>
      <Name>POP TLS - Ashlandoregon.org</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandoregon.org.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>4756df0afea74149ae84f9e5e71f672f</UID>
      <Name>IMAP TLS - Ashlandoregon.org</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandoregon.org.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>496fcdb9a2bc4c3288d93299f91f50a3</UID>
      <Name>SMTP SSL - Ashlandoregon.org</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandoregon.org.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>e04b04075965472093817ba3211e0fb0</UID>
      <Name>Submission Port TLS - Ashlandoregon.org</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandoregon.org.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>a3a538c6188b45e9b3cfbf208878c32b</UID>
      <Name>IMAP SSL - Ashlandoregon.org</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandoregon.org.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>c615ffcdc93d496aaffce8dfd3ca235b</UID>
      <Name>POP SSL - Ashlandoregon.org</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandoregon.org.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>8b71338ed54f424e9346d12a34121895</UID>
      <Name>SMTP TLS - Lithiawater.com</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.lithiawater.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>22301b80123346b5a571f2caa0a15911</UID>
      <Name>POP TLS - Lithiawater.com</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.lithiawater.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>d391a272e739419da96725a30019557c</UID>
      <Name>IMAP TLS - Lithiawater.com</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.lithiawater.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>db73ba0923004c43bbc6875f91247962</UID>
      <Name>SMTP SSL - Lithiawater.com</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.lithiawater.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>4f2499077d1742ce88b4383106bd91e7</UID>
      <Name>Submission Port TLS - Lithiawater.com</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.lithiawater.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>939b7076f88d49fabf39f9004dd92ed5</UID>
      <Name>IMAP SSL - Lithiawater.com</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.lithiawater.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>7b7737d38d884c0185c1f3d05defad31</UID>
      <Name>POP SSL - Lithiawater.com</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.lithiawater.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>a0d6db90e585488e90278a02400658a6</UID>
      <Name>SMTP TLS - Ashlandcreek.net</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandcreek.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>94b35d6b20d54d198c5d6eced836abe9</UID>
      <Name>POP TLS - Ashlandcreek.net</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandcreek.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>1ea763fcc2b54d68ac715a5a5754b1e5</UID>
      <Name>IMAP TLS - Ashlandcreek.net</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandcreek.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>c9260378f9304c268ef3d6e957dbb61c</UID>
      <Name>SMTP SSL - Ashlandcreek.net</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandcreek.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>7a8561a2da46402ab309c7c979e19706</UID>
      <Name>Submission Port TLS - Ashlandcreek.net</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.ashlandcreek.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>bade193e77a645979f23384759c83ef1</UID>
      <Name>IMAP SSL - Ashlandcreek.net</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandcreek.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>e75de7ddeeec404b85c544033fb2c9dc</UID>
      <Name>POP SSL - Ashlandcreek.net</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.ashlandcreek.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>efb5f8e1161246e58fa8fefca4636437</UID>
      <Name>SMTP TLS - 97520.net</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.97520.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>ebe8c7fadccc4f0f9cfe0c8561814355</UID>
      <Name>POP TLS - 97520.net</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.97520.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>77bcdfd182ec4bdca4696f48704738f6</UID>
      <Name>IMAP TLS - 97520.net</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.97520.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>823f6280b82a4ec0b673856c00843289</UID>
      <Name>SMTP SSL - 97520.net</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.97520.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>2e1230ea78664ca5ad02ca1ec5ab6283</UID>
      <Name>Submission Port TLS - 97520.net</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mail.97520.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>ac4e00d4d38a4bf29c15ddfab251be4b</UID>
      <Name>IMAP SSL - 97520.net</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.97520.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>44a71373feb54f1bbf4647d3c3878179</UID>
      <Name>POP SSL - 97520.net</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mail.97520.net.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>c6894d51f2924b48b0441f80a304f923</UID>
      <Name>SMTP TLS - Opendoor.com</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailx.opendoor.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>748526f31e5e4bfe8e9830bfdb3f6678</UID>
      <Name>POP TLS - Opendoor.com</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailx.opendoor.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>db34c9ee65da4bd4a80c28597e6721da</UID>
      <Name>IMAP TLS - Opendoor.com</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailx.opendoor.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>88dae9591279404993f9a41aaed81349</UID>
      <Name>SMTP SSL - Opendoor.com</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mailx.opendoor.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>0aa8b448e44a46ea80338b092dc9cd09</UID>
      <Name>Submission Port TLS - Opendoor.com</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailx.opendoor.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>0ba42546101b4f14b28e871a5ea30adb</UID>
      <Name>IMAP SSL - Opendoor.com</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mailx.opendoor.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>8fa5115d20904b23b8de309974f8065e</UID>
      <Name>POP SSL - Opendoor.com</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\mailx.opendoor.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>f570f9c56a7544409d05ab5ff96fe327</UID>
      <Name>SMTP TLS - Projecta.com</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\imail.projecta.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>f2403df365d64632b1c015ad80ac1ca8</UID>
      <Name>POP TLS - Projecta.com</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\imail.projecta.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>ecdce4520d1a4e748ca1be5c26bb8718</UID>
      <Name>IMAP TLS - Projecta.com</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\imail.projecta.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>1149b06f06504b2f85a33aa7e418073d</UID>
      <Name>SMTP SSL - Projecta.com</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\imail.projecta.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>4d2df03a0c734079bd5702d0493f4428</UID>
      <Name>Submission Port TLS - Projecta.com</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\imail.projecta.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>8490c05198a544ad85508e296b1da303</UID>
      <Name>IMAP SSL - Projecta.com</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\imail.projecta.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>c0f46c3e302e47b88509b74ff8625a51</UID>
      <Name>POP SSL - Projecta.com</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>False</isTLS>
      <isSSL>True</isSSL>
      <CertificatePath>c:\certs\imail.projecta.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>1ae9a4178c474b67aeed3495bb18035e</UID>
      <Name>SMTP TLS - Mailtest</Name>
      <Port>25</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailtest.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>17296d5d88b642fab9695a6094050ec6</UID>
      <Name>SMTP SSL - MailTest</Name>
      <Port>465</Port>
      <Description />
      <Type>SMTP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailtest.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>c7cc2177ba3049edae3f2480b3216a72</UID>
      <Name>Submission Port TLS - MailTest</Name>
      <Port>587</Port>
      <Description />
      <Type>Submission</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailtest.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>5ccb3b6d01a3451a9e991b4e99b58a77</UID>
      <Name>POP TLS - Mailtest</Name>
      <Port>110</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailtest.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>a85939f4429142e7a0a126bbbbc58f31</UID>
      <Name>POP SSL - MailTest</Name>
      <Port>995</Port>
      <Description />
      <Type>POP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailtest.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>7a059d32ba184bee8c5455feeb492585</UID>
      <Name>IMAP TLS - MailTest</Name>
      <Port>143</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailtest.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingPort>
      <UID>6270c7b9a98b4c73bef7d6745a7779c8</UID>
      <Name>IMAP SSL - MailTest</Name>
      <Port>993</Port>
      <Description />
      <Type>IMAP</Type>
      <isTLS>True</isTLS>
      <isSSL>False</isSSL>
      <CertificatePath>c:\certs\mailtest.scarabmedia.com.pfx</CertificatePath>
      <Password>HashedPWord</Password>
    </IPBindingPort>
    <IPBindingInfo>
      <IPAddress>192.168.1.8</IPAddress>
      <Description>smartermail.scarabmedia.com</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>7836cd8778e94ae9953847f581811913</IPBindItem>
      <IPBindItem>a1bcb3b8580b4abd900633561aa1b0ec</IPBindItem>
      <IPBindItem>bdc75e0ba64f408eadd410192d877fde</IPBindItem>
      <IPBindItem>7b6a2f0f828e479988cb33c00a1e1dfd</IPBindItem>
      <IPBindItem>6693010d63ad404a8516c5b98348d097</IPBindItem>
      <IPBindItem>3ec33a96509740a0bad90f7bd57182ec</IPBindItem>
      <IPBindItem>b4fc69efc59d4c8e892bd6eddf867017</IPBindItem>
      <IPBindItem>c9c751b1aacf4d61a22ec9a8c3d5e555</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.100</IPAddress>
      <Description>mail.ashlandhome.net</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>11b1fb6650fc4c81a9b25ece431795c7</IPBindItem>
      <IPBindItem>290a33953deb4d4aaf91991240f42f7b</IPBindItem>
      <IPBindItem>de97afd422bd4354bc729b33d2e43926</IPBindItem>
      <IPBindItem>c7dd61b055254ff0b8e2ecca981a2f06</IPBindItem>
      <IPBindItem>3abb010883ed4ffebe91f297ca836edc</IPBindItem>
      <IPBindItem>eca4dc4d10174c96b7b5dd892face195</IPBindItem>
      <IPBindItem>08b18ad6a1374281ad7f7db20b33cfc9</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.101</IPAddress>
      <Description>mail.lithiawater.com</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>8b71338ed54f424e9346d12a34121895</IPBindItem>
      <IPBindItem>22301b80123346b5a571f2caa0a15911</IPBindItem>
      <IPBindItem>d391a272e739419da96725a30019557c</IPBindItem>
      <IPBindItem>db73ba0923004c43bbc6875f91247962</IPBindItem>
      <IPBindItem>4f2499077d1742ce88b4383106bd91e7</IPBindItem>
      <IPBindItem>939b7076f88d49fabf39f9004dd92ed5</IPBindItem>
      <IPBindItem>7b7737d38d884c0185c1f3d05defad31</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.102</IPAddress>
      <Description>mail.ashlandoregon.org</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>0ed7e90e42cb417bb8effc7f85eabddd</IPBindItem>
      <IPBindItem>f133397c149c4905a343e10baeb9556e</IPBindItem>
      <IPBindItem>4756df0afea74149ae84f9e5e71f672f</IPBindItem>
      <IPBindItem>496fcdb9a2bc4c3288d93299f91f50a3</IPBindItem>
      <IPBindItem>e04b04075965472093817ba3211e0fb0</IPBindItem>
      <IPBindItem>a3a538c6188b45e9b3cfbf208878c32b</IPBindItem>
      <IPBindItem>c615ffcdc93d496aaffce8dfd3ca235b</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.103</IPAddress>
      <Description>mail.ashlandnet.net</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>b7bd5da8a126414db4e5ef34574d44e0</IPBindItem>
      <IPBindItem>c552ff9fb9d74b9b9740643b79b10616</IPBindItem>
      <IPBindItem>93311735e460430597cd00dfe38094ce</IPBindItem>
      <IPBindItem>bc394304047044f1ac5845613eedfb29</IPBindItem>
      <IPBindItem>3492c9630c2b4ddb905935936bfed42e</IPBindItem>
      <IPBindItem>89b4927797014544aabb9919c231144d</IPBindItem>
      <IPBindItem>d2194d2039c141678dd7bba33f9f74dd</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.104</IPAddress>
      <Description>mail.mtashland.net</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>b2031b532a8b4bd1b3989092bfd114b0</IPBindItem>
      <IPBindItem>568fbb0ec7c741a5b4411873acf466d9</IPBindItem>
      <IPBindItem>609131de6f3c49fca5713e37cb691063</IPBindItem>
      <IPBindItem>6736fd97a2ae4cf4918af360391bd1c1</IPBindItem>
      <IPBindItem>a6d23d9ddc9e4b9281041c157a218055</IPBindItem>
      <IPBindItem>b20c62efd20b43adbf8a455b22a58aca</IPBindItem>
      <IPBindItem>bbc183548bec4b01aea2b4a23846384f</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.105</IPAddress>
      <Description>mail.ashlandcreek.net</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>a0d6db90e585488e90278a02400658a6</IPBindItem>
      <IPBindItem>94b35d6b20d54d198c5d6eced836abe9</IPBindItem>
      <IPBindItem>1ea763fcc2b54d68ac715a5a5754b1e5</IPBindItem>
      <IPBindItem>c9260378f9304c268ef3d6e957dbb61c</IPBindItem>
      <IPBindItem>7a8561a2da46402ab309c7c979e19706</IPBindItem>
      <IPBindItem>bade193e77a645979f23384759c83ef1</IPBindItem>
      <IPBindItem>e75de7ddeeec404b85c544033fb2c9dc</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.106</IPAddress>
      <Description>mail.97520.net</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>efb5f8e1161246e58fa8fefca4636437</IPBindItem>
      <IPBindItem>ebe8c7fadccc4f0f9cfe0c8561814355</IPBindItem>
      <IPBindItem>77bcdfd182ec4bdca4696f48704738f6</IPBindItem>
      <IPBindItem>823f6280b82a4ec0b673856c00843289</IPBindItem>
      <IPBindItem>2e1230ea78664ca5ad02ca1ec5ab6283</IPBindItem>
      <IPBindItem>ac4e00d4d38a4bf29c15ddfab251be4b</IPBindItem>
      <IPBindItem>44a71373feb54f1bbf4647d3c3878179</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.107</IPAddress>
      <Description>mailx.opendoor.com</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>c6894d51f2924b48b0441f80a304f923</IPBindItem>
      <IPBindItem>748526f31e5e4bfe8e9830bfdb3f6678</IPBindItem>
      <IPBindItem>db34c9ee65da4bd4a80c28597e6721da</IPBindItem>
      <IPBindItem>88dae9591279404993f9a41aaed81349</IPBindItem>
      <IPBindItem>0aa8b448e44a46ea80338b092dc9cd09</IPBindItem>
      <IPBindItem>0ba42546101b4f14b28e871a5ea30adb</IPBindItem>
      <IPBindItem>8fa5115d20904b23b8de309974f8065e</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.108</IPAddress>
      <Description>imail.projecta.com</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>f570f9c56a7544409d05ab5ff96fe327</IPBindItem>
      <IPBindItem>f2403df365d64632b1c015ad80ac1ca8</IPBindItem>
      <IPBindItem>ecdce4520d1a4e748ca1be5c26bb8718</IPBindItem>
      <IPBindItem>1149b06f06504b2f85a33aa7e418073d</IPBindItem>
      <IPBindItem>4d2df03a0c734079bd5702d0493f4428</IPBindItem>
      <IPBindItem>8490c05198a544ad85508e296b1da303</IPBindItem>
      <IPBindItem>c0f46c3e302e47b88509b74ff8625a51</IPBindItem>
      <IPBindItem>e0baa3300bbb4d339ef85b6e051379f0</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.9</IPAddress>
      <Description>gateway.scarabmedia.com</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>7836cd8778e94ae9953847f581811913</IPBindItem>
      <IPBindItem>3ec33a96509740a0bad90f7bd57182ec</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>127.0.0.1</IPAddress>
      <Description />
      <IpType>IPv4</IpType>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>::1</IPAddress>
      <Description />
      <IpType>IPv6</IpType>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.109</IPAddress>
      <Description>Test Server</Description>
      <IpType>IPv4</IpType>
      <IPBindItem>1ae9a4178c474b67aeed3495bb18035e</IPBindItem>
      <IPBindItem>17296d5d88b642fab9695a6094050ec6</IPBindItem>
      <IPBindItem>c7cc2177ba3049edae3f2480b3216a72</IPBindItem>
      <IPBindItem>5ccb3b6d01a3451a9e991b4e99b58a77</IPBindItem>
      <IPBindItem>a85939f4429142e7a0a126bbbbc58f31</IPBindItem>
      <IPBindItem>7a059d32ba184bee8c5455feeb492585</IPBindItem>
      <IPBindItem>6270c7b9a98b4c73bef7d6745a7779c8</IPBindItem>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.240.4</IPAddress>
      <Description />
      <IpType>IPv4</IpType>
    </IPBindingInfo>
    <IPBindingInfo>
      <IPAddress>192.168.1.236</IPAddress>
      <Description />
      <IpType>IPv4</IpType>
    </IPBindingInfo>
  </IPBindingManager>
  <IPBindings>
    <default_smtp_out />
    <default_smtp_out_ipv6 />
    <OutboundDeliveryBinding>DomainsIP</OutboundDeliveryBinding>
    <OutboundDeliveryBindingIPv6>Disable</OutboundDeliveryBindingIPv6>
  </IPBindings>

Scarab Replied

9/7/2018 at 11:12 AM

Post-Script: I verified with multiple customers experiencing the problems with Explicit ports 25/110/143 that there are no problems with an Explicit TLS connection on submission port 587.

Matt Petty Replied

9/7/2018 at 11:18 AM

Employee Post

The last test you did doesn't work because I believe STARTTLS doesn't function on that as it's an SSL only connection which my tool does not test. I only test for STARTTLS (for the moment), I'll add more to it as I need as time goes on.

Matt Petty

Software Developer

SmarterTools Inc.

(877) 357-6278

www.smartertools.com

Matt Petty Replied

9/7/2018 at 11:18 AM

Employee Post

You might be able to work with one of your customers having the issue to and see if they can run that tool and see if it errors out. It could show an issue between your clients and your server.

Matt Petty

Software Developer

SmarterTools Inc.

(877) 357-6278

www.smartertools.com

Scarab Replied

9/7/2018 at 3:05 PM

May have found the issue, which would explain why it affects only certain email clients and not others:

openssl.exe s_client -connect smartermail.scarabmedia.com:25 -starttls smtp

CONNECTED(00000178)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc."
, CN = Starfield Root Certificate Authority - G2
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=smartermail.scarabmedia.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://cert
s.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://cert
s.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield R
oot Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield R
oot Certificate Authority - G2
   i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Aut
hority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGjjCCBXagAwIBAgIINVyWMMNFfawwDQYJKoZIhvcNAQELBQAwgcYxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUw
IwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypo
dHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNV
BAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIw
HhcNMTgwOTA0MjIxNjIzWhcNMTkwMzI3MTYxNTAwWjBJMSEwHwYDVQQLExhEb21h
aW4gQ29udHJvbCBWYWxpZGF0ZWQxJDAiBgNVBAMTG3NtYXJ0ZXJtYWlsLnNjYXJh
Ym1lZGlhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJPGSF5q
WFXHINO72EgeRnkZnkV/Gt9EP++eiy9LKcZEPIrxbawZPn9XtwYG0pu/tu3Ana82
5N7f4urmZOT7O1HFJY0jZoJmHweTKa0akvV0JBEzxJX4i4ijkOKjCSn9nSFUN8Pk
iM+VoHLncuY6OyHNAee6Ke31hUoy1MPMSb2iR9yEf+x2X++o2evtf4tKeJ1TkqA/
sgKLhJjApJxxgzx20Xdv7Wb/5LTT95rjJw8q+Lmv/n2kOH5q4kcgDGd2qW7soeZO
WFnjQNpjZySGlqRy2vlZjuK+oyJ0dlLVjPgQxeCtBt0M0q4Zib7Iv188rmVSAAVS
8fgSC5Akx8OXc28CAwEAAaOCAvowggL2MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDA9BgNVHR8ENjA0
MDKgMKAuhixodHRwOi8vY3JsLnN0YXJmaWVsZHRlY2guY29tL3NmaWcyczEtMTIz
LmNybDBjBgNVHSAEXDBaME4GC2CGSAGG/W4BBxcBMD8wPQYIKwYBBQUHAgEWMWh0
dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8w
CAYGZ4EMAQIBMIGCBggrBgEFBQcBAQR2MHQwKgYIKwYBBQUHMAGGHmh0dHA6Ly9v
Y3NwLnN0YXJmaWVsZHRlY2guY29tLzBGBggrBgEFBQcwAoY6aHR0cDovL2NlcnRp
ZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmaWcyLmNydDAf
BgNVHSMEGDAWgBQlRYFoUCY4PTstLL7Natm2PbNmYzBHBgNVHREEQDA+ghtzbWFy
dGVybWFpbC5zY2FyYWJtZWRpYS5jb22CH3d3dy5zbWFydGVybWFpbC5zY2FyYWJt
ZWRpYS5jb20wHQYDVR0OBBYEFB6ZGapMUsC0ftwRwe94dmvt1efeMIIBAwYKKwYB
BAHWeQIEAgSB9ASB8QDvAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN
3BAAAAFlpqh5+QAABAMARjBEAiA+9P8CsoHPbmfhfYGOYbEgOLJlUDw1IZX/rWz/
WlPyLwIgTMrg9mX+zBLZHYxUOfnSqEgJO0xISK+Rob1/aCaXc9EAdgB0ftqDMa0z
EJEhnM4lT0Jwwr/9XkIgCMY3NXnmEHvMVgAAAWWmqHsIAAAEAwBHMEUCIAtx74OU
ZadjrbBtFdaHR053wEmtVGfIjNU93CrKLhjQAiEA5zzpsuxwpB/7YpqvcPF4vBQc
dByX/ILaTc3E/C47/Y4wDQYJKoZIhvcNAQELBQADggEBAEEYtUV04XCmlwf4LIm0
MQ2nDWefq8HnYYWdVkFBevVI5ReaMvYlVlF+VRUH3+uVndSxeQBvTlnpJXMO37fV
ETZuaZdgahMfN80z1lw769q3h9vkzI1QtLq/D1fmrgPF7+G1v1g2PXI5y9tVP9OH
1bn6Rd6g4/uS7ztqlYzYSHqtlnEfpOWIOuWs38vLLC6hh6ilL+JIcrTxgXRBjnVh
SpVXOr7e5kbYF6YGOrE7V/NR/HSJ/3eD/n1gYhvkcvQ3+sCjOvfPwWtWJ/9fc3rZ
VyktAXldnZKuoA9OeAuT7wzdJESrlIgSMStQw3umUEo9aFb5P5UjQMc5DJyea3Za
9FQ=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=smartermail.scarabmedia.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://ce
rts.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2

---
No client certificate CA names sent
Peer signing digest: SHA1
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4874 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 8E4400000A6A114C22BC69A01193395E65445C6D58541DB92DA36E049A28F33E

    Session-ID-ctx:
    Master-Key: BE018A1976A3265C0621674BD4AF4AD990DF82719293E4A90DA200ED815262C2
F542A5793AA627ECE2CEA37EBF51A3A6
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1536356383
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 OK

Same issue happens with LetsEncrypt certs on the other Hostnames & IPs.

My working hypothesis at this point is that any email clients that do verification of all certificates in the chain are failing when they are unable to get local issuer certificate.

The perplexing thing is all the Intermediary & Root Certs (for both Starfield & LetsEncrypt, depending on which IP or Hostname they are connecting to) are installed.

I'm going to delete all the Starfield and LetsEncrypt Intermediate and Root Certs from all CertStores and reinstall those packages manually, and then re-export the installed certs including all certs in the certification path and see if that resolves the issue.

Scarab Replied

9/7/2018 at 4:51 PM

...and it's a Red-herring...

After purging all Intermediate, Root, and Third-Party Root Certs in the chain and reinstalling them manually to the correct CertStores and re-exporting the Cert with Chain so that Smartermail could use it I still got the same error.

Even smtp.gmail.com gives the same error code "unable to get local issuer certificate".

So, it was worth a shot but it is not causing the error.

Paul Blank Replied

9/8/2018 at 7:19 AM

Not sure this is relevant, but how about trying a different certificate? You can get certs very inexpensively from ssls.com, for example. "Personal" cert, totally acceptable for most email use (and at least good enough for trial purposes) is $11.75/2 years.

Setup on Windows servers is simple if you use IIS to generate the CSR.

Curtis Kropar www.HawaiianHope.org Replied

9/10/2018 at 2:17 AM

This may not have anything to do with anything, but i found it interesting that you mention iOS with WinServer 2016...

https://www.kraftkennedy.com/critical-issue-apple-ios-11-mail-app-exchange-2016online-windows-server-2016/

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. in 2018, in just one year, we gave away 1,000 Free Computers !

Scarab Replied

9/12/2018 at 4:35 PM

Marked As Resolution

Turns out that re-enabling TLS 1.0 server-side solved the issue for us. Not sure why Outlook 16 & Apple MacOS & iOS need it enabled to work with POP-TLS, IMAP-TLS, and SMTP-TLS, when other email clients would work perfectly fine with TLS 1.0 disabled sever-side...but at this point I'm not asking questions.

Now to isolate why half of our Apple clients are getting "CRAM MD5 Authentication Failed" messages at login...looks like any password with a symbol is not being hashed correctly by Apple...but that will be for another thread.

Back to Community Threads

Please leave this box unchecked

19 Replies

Reply to Thread

Tags

Related Knowledge Base Articles