SMTP protocol synchronization error (input sent without waiting for greeting)

Kousalya Kanikannan · Mar 17, 2015

I configured the exim mail server on CentOS. It is working with no encryption type, but not with SSL and TLS. I didn't get a correct solution for this type of error. Can anyone tell me the solution and why this error message appears in the exim main.log file?

The error message is like below in the exim main.log file.

2015-03-17 10:34:16 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=acp-node [10.7.2.137] input="\026\003\001"

Answer

Steffen Ullrich · Mar 17, 2015

(input sent without waiting for greeting) ... input="\026\003\001"

In short: You are trying to use implicit TLS on a port where explicit TLS is needed.

In detail: There are two ways to use TLS with SMTP:

  • implicit TLS, that is TLS from start. This is used on port 465 (smtps). This mode is in some SMTP stacks simply called "SSL".
  • explicit TLS, that is start with plain SMTP and upgrade to TLS with the STARTTLS command. This is used on ports 25 (smtp) and 587 (submission). This mode is in some SMTP stacks simply called "TLS".

If you look around at the questions regarding use of SMTP with TLS you will find lots of confusion about how to use these modes with the various setups. And you will find lots of bad code which tries to use implicit TLS where explicit TLS is needed.

What you see is the result of the client trying to use implicit TLS on a port not suitable for this. \026\003\001 (or hex 16 03 01) is the start of a TLS 1.0 handshake, and "input sent without waiting for greeting" refers to the fact that the client is sending data first without waiting for the server to send the (plain text) SMTP greeting.
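
A log triage script for the diagnosis above, as an added example that is not part of the original answer: it decodes the input="..." field of the synchronization error and reports whether the client opened with a TLS handshake record (16 03). The function names, the second sample line and the escape set handled (three-digit octal plus \n, \r, \t, \\) are assumptions of this sketch.

```python
import re

# First line is the log entry from the question; the second is constructed.
SAMPLE_LOG = [
    r'2015-03-17 10:34:16 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=acp-node [10.7.2.137] input="\026\003\001"',
    r'2015-03-17 10:40:02 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.10] input="EHLO test\r\n"',
]

LINE_RE = re.compile(
    r'SMTP protocol synchronization error \((?P<why>[^)]*)\): '
    r'rejected connection from (?P<peer>.*?) input="(?P<input>.*)"')
# Assumed escape set: \ooo octal for non-printing bytes, plus \n \r \t \\.
ESCAPE_RE = re.compile(r'\\([0-3][0-7]{2}|[nrt\\])')
SIMPLE = {'n': '\n', 'r': '\r', 't': '\t', '\\': '\\'}


def decode_input(escaped):
    """Turn the escaped input="..." text back into the bytes the client sent."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 8)) if tok.isdigit() else SIMPLE[tok]
    return ESCAPE_RE.sub(repl, escaped).encode('latin-1', 'replace')


def classify(data):
    """Name what the client sent before the server's greeting."""
    # 0x16 = TLS handshake record type, 0x03 = major version byte.
    if data[:2] == b'\x16\x03':
        return 'tls-handshake'
    if data[:4].upper() in (b'EHLO', b'HELO'):
        return 'smtp-command'
    return 'other'


def analyze(line):
    """Return a dict describing a synchronization error line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ip = re.search(r'\[([^\]]+)\]', m.group('peer'))
    data = decode_input(m.group('input'))
    return {'ip': ip.group(1) if ip else None, 'why': m.group('why'),
            'hex': data.hex(' '), 'kind': classify(data)}


if __name__ == '__main__':
    for entry in SAMPLE_LOG:
        print(analyze(entry))
```

A 'tls-handshake' result points at a client set to implicit TLS ("SSL" mode) on a port that expects the plain greeting followed by STARTTLS.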