Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

SpamGeek V1.3 with Linux64 Support and new Feature to allow to change SMTP Replies / Workaround for TLS over SMTP

Daniel Nashed – 22 February 2013 16:05:57

Just finished SpamGeek V 1.3 which now also works on Domino 9.0 Beta Linux 64bit.
I added one new feature that allows to change the reply the server is sending in reply to SMTP commands...

This helps a customer to solve his issue with TLS over SMTP that he is running into for over an year. Domino doesn't support the full TLS for SMTP and it isn't on the list for Domino 9 eigher. Only full support for TLS in HTTP is implemented by replacing the HTTP stack with the IBM one.

So native TLS (it's called TLS but uses only SSL 3.0) in Domino for SMTP still has the issue that the handshake is not working for all connecting systems that request encryption via "STARTTLS" ...

Depending on the requested ciphers the handshake will fail and the connection is closed instead using a another cipher. We needed a couple of debug hotfixes to figure out what is going wrong.

So if you are running native Domino you cannot use TLS because you will not be able to communicate with some hosts requesting TLS.
Feature request to get this addressed is SPR #YDEN8RNH22...

SpamGeek does now allow you to configure reply codes depending on the connecting host and will remove TLS from the commands available for that host -- even TLS is enabled on the server.

That's a workaround to allow to use TLS at least for some hosts/domains.

I would wish IBM would address this because encrypted SMTP traffic becomes more and more important. And without the SpamGeek there is no chance having it enabled.



    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]