Security

Reply
Regular Contributor I

SMTP Error "Must issue a STARTTLS command first" in ClearPass

Hi experts,

 

I want to test a SMTP Server configuration for email messaging in CPPM, when I click on Send Test Email I get an error. I can see the details in Monitoring > Event Viewer , which are:

smtperror1.PNG

 

I have configured no security connection in the SMTP setting. This is the full configuration:

smtperror.PNG

Does this mean CPPM doesn't support SMTP messaging without security or is this imposed by the SMTP server? Is there any workaround or must I use StartTLS security? My CPPM version is 6.6.0.81015.

 

Regards,

Julián

Regular Contributor I

Re: SMTP Error "Must issue a STARTTLS command first" in ClearPass

Hi,

 

After enabling StartTLS security and importing the SMTP Server certificate to Trust List the error changed to:

smtperror2.PNG

 

Did anyone have this kind of errors?

 

Regards,

Julián

Guru Elite

Re: SMTP Error "Must issue a STARTTLS command first" in ClearPass

Are you using port 587? 

Also, be sure to look in event viewer.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: SMTP Error "Must issue a STARTTLS command first" in ClearPass

Yes, when I selected StartTLS security the port was automatically changed to 587. And the errors I have attached are seen in the Event Viewer.

 

Regards,

Julián

Re: SMTP Error "Must issue a STARTTLS command first" in ClearPass

Try setting it to SSL for gmail (not StartTLS):

 

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-use-Gmail-as-SMTP-server-on-CPPM/ta-p/185226

 

Also notice the message if you switch to SSL: SMTP Server certificate must be imported to Trust List as SSL setting is enabled.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Regular Contributor I

Re: SMTP Error "Must issue a STARTTLS command first" in ClearPass

Hi Herman,

 

Tried with SSL and now there is a connectivity problem:

smtperror2.PNG

 

But I have tried to telnet to that port from my PC and it is open. I don't know where the problem is, but it seems to be impossible :(

 

Regards,

Julián

Re: SMTP Error "Must issue a STARTTLS command first" in ClearPass

Just tried with gmail and these settings:

gmail.png

And that worked fine after I logged in to my Gmail account and enabled 'insecure application access'. I got an email that access was blocked and a similar message in access tracker (Please log in via your web browser and then try again. Learn more at https://support.google.com/mail/answer/78754). BTW I did not need to do anything with the trust list, it just connected.

If you find the mail server settings for your local Internet Service Provider, that will probably work without authentication (at least it does here).

 

Does it feel as a 'test email' times out? Could it be that you enabled both data and management interface and the outgoing request is taking the wrong interface (it will take data by default)? I tend to avoid dual interface whenever possible.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Regular Contributor I

Re: SMTP Error "Must issue a STARTTLS command first" in ClearPass

Hi Herman,

 

Problem solved! I don't know the reason but testing with the Send Test Email button in the ClearPass Policy Manager > Administration » External Servers » Messaging Setup section didn't work. Then I have tried with Send Test Message button in the ClearPass Guest > Home » Configuration » Receipts » Email Receipt section and worked, I received the test email in my Gmail inbox:

smtpsuccess.PNG

BTW, I have tested this successfully with the three security options (none, SSL, StartTLS) and I didn't mind about the trust list as you did.

I don't know why I get that error with the Send Test Email button in the ClearPass Policy Manager > Administration » External Servers » Messaging Setup section.

For your last question, I only have configured the management interface.

Now I will see if it works with a real message...

 

Regards,

Julián

Regular Contributor I

Re: SMTP Error "Must issue a STARTTLS command first" in ClearPass

Hi Herman,

 

Just to let you know that real messaging worked. BTW, thanks for taking your time and testing this issue.

 

Regards,

Julián

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: