>从10:06:40.691到10:06:40.723的日志中有哪些错误?
>时间10:06:51.067(10.33.64.161)列出的地址是什么?
在Macbook(Mail)或PC(Outlook,Thunderbird)或Linux上设置IMAP / SMTP或使用我能够测试的一个Android设备时,不会发生错误.协议错误最终导致iOS设备的IP地址被电子邮件服务器列入黑名单.
系统日志如下:
10:06:40.688 5 SMTP [0.0.0.0]:587 <- [69.197.220.11]:49426 connection request. socket=191 10:06:40.688 5 SMTP new VStream created,1 total 10:06:40.688 5 SMTP stream thread started 10:06:40.688 4 SMTPI-011473([69.197.220.11]) [192.168.200.100]:587 <- [69.197.220.11]:49426 incoming connection(our domain.net) 10:06:40.688 5 SMTPI-011473([69.197.220.11]) out: 220 ourdomain.net ESMTP CommuniGate Pro 6.0.10\r\n 10:06:40.691 5 SMTPI-011473([69.197.220.11]) inp: \022\003\001 10:06:42.693 5 SMTPI-011473([69.197.220.11]) out: 501 Unknown command\r\n 10:06:42.693 5 SMTPI-011473([69.197.220.11]) inp: \163\001 10:06:44.696 5 SMTPI-011473([69.197.220.11]) out: 501 Unknown command\r\n 10:06:44.696 5 SMTPI-011473([69.197.220.11]) inp: 10:06:46.698 5 SMTPI-011473([69.197.220.11]) out: 501 Unknown command\r\n 10:06:46.698 5 SMTPI-011473([69.197.220.11]) inp: \159\003\001T\135 l 10:06:48.700 5 SMTPI-011473([69.197.220.11]) out: 501 Unknown command\r\n 10:06:48.700 5 SMTPI-011473([69.197.220.11]) inp: \004\225\176d2\217\180\005"]\167\176\182\131N&\183\175\218\167\200\167\245\003\246\005\221 10:06:50.702 5 SMTPI-011473([69.197.220.11]) out: 501 Unknown command\r\n 10:06:50.702 1 SMTPI-011473([69.197.220.11]) Too many protocol errors,aborting 10:06:50.723 4 SMTPI-011473([69.197.220.11]) closing connection 10:06:50.723 4 SMTPI-011473([69.197.220.11]) releasing stream 10:06:50.966 5 SMTP [0.0.0.0]:587 <- [69.197.220.11]:49427 connection request. socket=214 10:06:50.966 4 SMTPI-011474([69.197.220.11]) [192.168.200.100]:587 <- [69.197.220.11]:49427 incoming connection(ourdomain.net) 10:06:50.966 5 SMTPI-011474([69.197.220.11]) out: 220 ourdomain.net ESMTP CommuniGate Pro 6.0.10\r\n 10:06:51.067 5 SMTPI-011474([69.197.220.11]) inp: EHLO [10.233.64.161] 10:06:51.067 5 SMTPI-011474([69.197.220.11]) out: 250-ourdomain.net your name is not [10.233.64.161]\r\n250-DSN\r\n250-SIZE\r\n250-STARTTLS\r\n250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n 10:06:51.165 5 SMTPI-011474([69.197.220.11]) inp: STARTTLS 10:06:51.165 5 SMTPI-011474([69.197.220.11]) out: 220 please start a TLS connection\r\n 10:06:51.549 4 SMTPI-011474([69.197.220.11]) TLSv1.0 security initiated 10:06:51.635 4 SMTPI-011474([69.197.220.11]) TLS-102107(AES256_SHA) connection accepted for 'ourdomain.net' 10:06:51.865 5 SMTPI-011474([69.197.220.11]) s-inp: EHLO [10.233.64.161] 10:06:51.865 5 SMTPI-011474([69.197.220.11]) s-out: 250-ourdomain.net your name is not [10.233.64.161]\r\n250-DSN\r\n250-SIZE\r\n250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n 10:06:51.976 5 SMTPI-011474([69.197.220.11]) s-inp: AUTH PLAIN AGZ1ZGRsZXMAMWJpZ2RvZw== 10:06:51.976 5 SMTPI-011474([69.197.220.11]) SASL(PLAIN) ini: \000fuddles\0001bigdog\000 10:06:51.977 2 SMTPI-011474([69.197.220.11]) 'fuddles@ourdomain.net' connected(CLRTXT) [69.197.220.11]:49427->[192.168.200.100]:587(tls) 10:06:51.977 2 SMTPI-011474([69.197.220.11]) 'fuddles@ourdomain.net' disconnected ([69.197.220.11]:49427) 10:06:51.977 2 SMTPI-011474([69.197.220.11]) authenticated as fuddles@ourdomain.net 10:06:51.977 5 SMTPI-011474([69.197.220.11]) s-out: 235 fuddles@ourdomain.net relaying authenticated\r\n 10:06:52.086 5 SMTPI-011474([69.197.220.11]) s-inp: QUIT 10:06:52.086 5 SMTPI-011474([69.197.220.11]) s-out: 221 ourdomain.net CommuniGate Pro SMTP closing connection\r\n 10:06:52.086 4 SMTPI-011474([69.197.220.11]) TLS connection is closing 10:06:52.086 4 SMTPI-011474([69.197.220.11]) closing connection 10:06:52.086 4 SMTPI-011474([69.197.220.11]) releasing stream
解决方法
线
10:06:40.691 5 SMTPI-011473([69.197.220.11]) inp: \022\003\001
是握手的一部分.
>字节0 = 022表示SSL记录类型= 22(SSL3_RT_HANDSHAKE)
>字节1-2 = 0301表示SSL版本= TLS1_VERSION
请参阅this page以供参考.
但不幸的是,端口587上的服务器不与SSL(SMTPS)通信,而是与STARTTLS通信.具有STARTTLS的服务器期望初始连接将位于未加密的通道中,然后移至加密通道.
因此,最初IOS尝试连接SMTPS(顶级SSL协议上的SMTP).但服务器不理解它,因此它会发出警告未知命令,直到某些限制然后断开客户端.
由于初始连接被拒绝,IOS会执行回退操作并使用STARTTLS再次连接到服务器.
10:06:51.165 5 SMTPI-011474([69.197.220.11]) inp: STARTTLS
在这种情况下,iOS成功连接到服务器.
10:06:51.067(10.33.64.161)时间列出的地址是什么?
IP地址10.33.64.161似乎是Internet提供商的IP地址.通常客户会宣布HELO< something>与< something>是计算机/手机的IP地址/主机名
iOS行为
由于我从未使用过IOS,因此我无法告诉您导致此行为的iOS设置(或者这可能是默认的iOS行为).在您的情况下,预期的行为是通过STARTSSL直接连接,绕过SMTPS尝试,因此它不会被拒绝并再次列入黑名单.
在评论中,BillThor确认上述行为是iOS的默认行为.
IOS defaults to SSL (secure connection) and then offers to connect insecurely if that fails. After the SSL connection fails the user is given the option to connect insecurely. If STARTTLS is available,it is used. The activities involved in the connection discovery are being logged by the server.
解
显而易见的解决方案是配置邮件服务器 – CommuniGate Pro –,因此它不会将表现如此的客户端列入黑名单.该行为不应被视为失败,也不应将设备列入黑名单.
OP的解决方法
协议错误阈值和被列入黑名单的设置在Settings->中.邮件 – > SMTP – >接收 – >限制.默认值为20次错误后断开连接,15分钟拒绝访问.我在100次错误后将我的连接更改为Disconnect,并在0秒内拒绝访问.不确定0秒,但它解决了使用我们的CommuniGate Pro服务器在iOS设备上初始设置IMAP帐户的问题.
