Configuring Outlook Express 6 For TLS

I had configured Outlook Express 6 to send email with no authentication. When I attempted to send a message, I received the following error:

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'elvin1@uymail.com'. Subject 'Test # 1', Account: 'rbcd@frostdragon.com', Server: 'frostdragon.com', Protocol: SMTP, Server Response: '550 5.7.1 ... Relaying denied. Proper authentication required.', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

That is the result I would expect, since the server is not configured for open relaying, i.e. I don't want anyone in the world to be able to send email through it, which would make it a target for spammers. The email server in this case supports Transport Layer Security (TLS)1, which allows a client system to authenticate with the server when sending email and to to have communications between the client's email software, in this case Outlook Express, occur in encrypted form.

So I then configured Outlook Express to authenticate with the SMTP 2 server by clicking on Tools, Accounts, selecting the email account, clicking on Properties, clicking on the Advanced tab, and then under "Outgoing mail (SMTP)", checking "This server requires a secure connection (SSL)".

Outlook Express Send Securely

Under the Servers tab of the Properties window, I also checked "My server requires authentication", which is immediately below Outgoing Mail Server.

Outlook Express - server requires authentication

In this case the password is the same for checking incoming email and sending outgoing email. If you want to specify a different userid and password, you can click on the Settings button to the right of "My server requires authentication" and specify a userid and password.

Outlook Express - Outgoing mail server logon

After reconfiguring Outlook Express to send email securely, when I then tried sending the message I received the following message:

Internet Security Warning
Warning - exclamation mark The server you are connected to is using a security certificate
that could not be verified.

A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.

Do you want to continue using this server?

Yes    No

When I answered "Yes" to the question about proceeding with the given certificate, the message was successfully transmitted.

Observing the process at the email server end with tcpdump, I saw the Outlook Express system contact the server and issue the EHLO command. The server responded with the 250 code indicating it accepted the EHLO command followed by its own name and a "Hello" to the Outlook Express system. The client, the Outlook Express system, then sent the STARTTLS command to the server. The server responded with a Ready to start TLS message. Observing the message tranmission process, I did not see any userid or password nor any of the message's contents, indicating that the message was transmitted in encrypted form.

Note: TLS is only ensuring that the userid and password used for authentication with the SMTP server are transmitted in encrypted form and that the message is being delivered to the SMTP server in encrypted form. That STMP server may transmit the message to another SMTP server, e.g. a recipient's SMTP server, in unencrypted form. There is no guarantee that the message will be transmitted through every server hop along the way in encrypted form.

References:

  1. Tranport Layer Security
    Wikipedia, the free encyclopedia


  2. Simple Mail Transfer Protocol
    Wikipedia, the free encyclopedia


  3. TLS - Email encryption
    Last updated: May 10, 2006
    Msen - Michigan's Best-Run Internet Service Provider™