LO88795: NOTES CLIENT DOES NOT TRY STARTTLS WHEN "MAIL FILE LOCATION" IN LOCATION DOC IS SET TO "SERVER".

APAR status

• Closed as fixed if next.

Error description

• Dealing with the following environment:
  
  Domino 9.0.1 FP5
  -Server Name: domsmtp/org
  -FQDN: domsmtp.domain.com
  
  Notes 9.0.1 FP5SHF121, which contains the fix of starttls
  support(SPR# MPAA6PQCHK.)
  -UserName: Test 001/Org
  -Mail Server: domsmtp/org
  -Mail file: mail\t001.nsf
  -Internet Address: test001@domsmtp.domain.com
  
  
  Steps:
  
  1. Set up Domino Server to enable ssl as follows:
  
  https://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2
  _with_OpenSSL_and_kyrtool
  
  
  2. Set up Domino server for INBOUND SMTP to support "STARTTLS".
  
  <excerpt from technote 1108352> ---
  
  Note: Please see technote# 1108352
  
  Title: How to configure Domino for secure SMTP sessions using
  STARTTLS
  Technote#: 1108352
  URL: http://www.ibm.com/support/docview.wss?uid=swg21108352
  
             1.  Enable the "SMTP Listener task" via the Server
  document (Basics tab).
             2.  Enable SMTP Inbound "TCP/IP port status" in the
  Server document (Ports -> Internet Ports -> Mail tab).
             3.  Enable "SSL negotiated over TCP/IP port" in the
  Configuration document (Router/SMTP -> Advanced -> Commands and
  
  Extensions tab).
             4.  Restart the SMTP Listener task/=.
  
  <until here> ---
  
  
  3. Change "TCP/IP port number" settings for SMTP Inbound in
  server document as follows:
  
  [Ports...]-[Internet Ports...] - [Mail]
  
  TCP/IP port number(SMTP Inbound): 587
  TCP/IP port status: Enabled
  Enforce server access settings: No
  Authentication options:
  -Name & password: No
  -Anonymous: Yes
  
  
  4. Launch Notes client.
  
  5. Create location document and account document as follows:
  
  Location document:
  
  [Basics] tab:
  -Location Name: starttls test
  -Internet mail address: test001@domsmtp.domain.com
  [Servers] tab:
  -Home/mail server: domsmtp/org
  [Mail] tab:
  -Mail file location: On server
  -Mail file: mail\t001.nsf
  -Domino mail domain: domain
  -Internet domain for Notes addresses when connecting directly
  to the internet: domain.com
  -Send outgoing mail: directly to Internet
  
  
  Account document:
  
  [Basic] tab:
  -Account Name: starttls test for server db
  -Account server name: domsmtp.domain.com
  -login name: test 001
  -Password: (valid password)
  -Protocol: SMTP
  -Connection Security: STARTTLS
  [Advanced] tab:
  -Port number: 587
  -Accept SSL site certificate: Yes
  -Accept expired SSL certificate: Yes
  -Verify account server name with remote server's certificate:
  Disabled
  -SSL protocol version: Negotiated
  
  
  6. Open the mail database on server, create a new message.
  
  7. Send a mail to any user.
  
  
  Unexpected result:
  
  You will find that smtp(ssl) connection is failed.  and notes
  client does NOT try STARTTLS to port 587 because notes client
  try TLS connection before "STARTTLS" command is issued.
  
  
  Expected result:
  
  Notes client try STARTTLS to port 587.
  
  
  Note:
  If you create a replica on local and change "Mail file
  location" in the location document from "On server"  to
  "Local", notes client try "STARTTLS" to port 587.
  So smtp connection is successful, i.e.  the mail can be sent
  successfully.
  

Local fix

• Create a local replica, then change "Mail file location" in the
  location document from "On server" to "Local".
  

Problem summary

• This APAR is closed as FIN. We have deferred the fix to a
   future release.
  

Problem conclusion

Temporary fix

Comments

• This APAR is associated with SPR# HHIEA9EF9E.
  This APAR is closed as FIN. We have deferred the fix to a
   future release.
  

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels