Oct 15, 2015, 10:12 AM
8 Posts

Problem with Notes 9.0.1 Fix Pack 4 with sending SMTP directly

  • Category: Notes Client
  • Platform: Windows
  • Release: 9.0.1
  • Role: End User
  • Tags:
  • Replies: 4
 

I have had a problem with Notes 9.0.1 Fix Pack 4 with sending outbound SMTP directly from the Notes client and getting "Replicator Error SSL bad peer certificate.  Connection refused".      Today I tried again to install Fix Pack 4 and to use the hot fix (901FP4SHF292_W32_standard.exe), but had the same problem.   The receiving SMTP server is not able to make an SSL / TLS connection and accept the messages.

 

There is an earlier technote about this problem ("IBM Notes-only users cannot send mails using SMTP with TLS (SSLv3)"  http://www-01.ibm.com/support/docview.wss?uid=swg21688547), but it says to upgrade to Fix Pack 2  - it needs to be updated.   

 

 

Work-around:   Revert back to 9.0.1 Fix Pack 3

The only work-around that I have found is to re-run the Hot Fix and/or Fix Pack 4 installers to revert back to Notes 9.0.1, and then install Notes 9.0.1 Fix Pack 3.  

 

(Unfortunately,  Fix Pack 3 has other problems - like problems importing OSGi plugins into an update site.)

Oct 16, 2015, 5:19 PM
94 Posts
That technote probably isn't related to your issue...
That technote refers to older versions of Notes/Domino that could not speak TLS 1.0 or better, and so were losing interoperability as servers disabled SSLv3.

Upgrading from 9.0.1 FP3 to 9.0.1 FP4  adds support for TLS 1.2, which is frequently much pickier about what signature algorithms it accepts. If you are using certificates signed with MD5, I would highly recommend upgrading your certificates to SHA-256.

If that doesn't do the trick, please set the following notes.ini variables and post the debug file results so we can take a look at them.

SmtpClientDebug=1
DEBUG_SSL_ALL=1
DEBUG_SSL_CIPHERS=2
DEBUG_SSL_HANDSHAKE=2
DEBUG_OUTFILE=<filename>
Jul 25, 2016, 4:14 PM
19 Posts
Notes 9.0.1 FP4 - FP6 no longer supports outbound SSL SMTP account on local desktop

Does IBM plan to fix this issue which has existed over a year???  I noticed the same issue when I upgraded to Notes 9.0.1 FP4 in August 2015.  I researched all the Notes forums, wikis and blogs and could not find a solution.  I have been using IBM Notes for over 5 years as a SMTP mail client to send outbound mail (via a local mailbox) directly to SMTP.  i.e. Sending using my Gmail email address via the Gmail SMTP server

 

And some of my customers are using it as well to bypass strict outbound company server rules when using 3rd party mail merge tools which integrate with Notes.  i.e. Print Merge Reporter for IBM Notes -- Mail merge Excel to email messages (aka PMR mail merge tool)

 

My customers and I started receiving the errors below after the 9.0.1 FP4 and it has never worked again thru 9.0.1 FP6. :(  My customers had to downgrade or install Notes 9.0.1 FP3 on a VM desktop to keep the existing functionality they were using for several years -- since at least 2012. :(  FYI: And as of June 16, 2016 if you are using Gmail with IBM Notes it seems Google will no longer be accepting SSL3 connections, so this workaround most likely not even work for Gmail:  http://www.securityweek.com/google-soon-kill-sslv3-rc4-support-gmail

  • SSL Certificate is Invalid
  • SMTP Protocol Returned a Permanent Error
  • SSL bad peer certificate. Connection refused.

SMTP client debugging... (log.nsf on Local)

07/25/2016 04:30:04 PM  SMTPClient: Starting to transfer 1 messages to smtp.gmail.com for user CN=NotesMail Consulting/O=NMC
07/25/2016 04:30:07 PM  [0F68:0007-0E9C:wrepl] SMTPClient: Attempting to Connect: Host smtp.gmail.com, Port 465, SSL Port 0, Connecting Domain [192.168.1.99]
07/25/2016 04:30:07 PM  [0F68:0007-0E9C:wrepl] SMTPClient: SSL Connection Policy error: 3AFEh
07/25/2016 04:30:07 PM  [0F68:0007-0E9C:wrepl] SMTPClient: Attempting to Disconnect:
07/25/2016 04:30:07 PM  [0F68:0007-0E9C:wrepl] SMTPClient: Connection already disconnected

 

FYI

 

Notes SMTP account on local deskop...

Account name:  Outgoing internet mail - Gmail

Account server name:  smtp.gmail.com

Login name:  YourName@gmail.com

Password:  *****

Protocol:  SMTP

SSL:  Enabled

Port number:  465

Accept SSL site certificates:  Yes

Accept expired SSL certificates:  Yes

Send SSL certificates when asked (outbound connections only):  No

Verify account server name with remote server's certificate:  Disabled

SSL protocol version:  V3.0 with V2.0 handshake

 

Set up Gmail with Outlook, Apple Mail, or other mail clients (IBM Notes)...

Outgoing Mail (SMTP) Server:  https://support.google.com/mail/troubleshooter/1668960?hl=en


Crucial tools for IBM Lotus Notes and Domino administration and development...

Find the "crucial tools you need to succeed" including product descriptions, downloads, demos and testimonials.
Speed up IBM Lotus Notes and Domino administration and development with these crucial software tools.
Better, stronger, faster productivity for administrators and developers.
Download and try the lite (free) version

 

Jul 26, 2016, 3:26 AM
105 Posts
Seems like Notes 9.0.1FP4+ can no longer be used as an SMTP and IMAP mail client
See also this thread Link regarding IMAP.
Apr 15, 2018, 6:24 PM
19 Posts
Workaround on Gmail and Yahoo security settings fixes issue

I just tested IBM Notes 9.0.1 FP9 using local POP3 and SMTP accounts with Gmail and Yahoo accounts to send and receive email using a local Notes mailbox.  It worked successfully, but only after logging into the Gmail and Yahoo accounts and enabling "Access for less secure apps" in the security settings. 

NOTE: It seems this option was available since at least Oct 2014, but might not have displayed in some older Gmail accounts at one point in time, but it should display now.   If you want to save some time finding it, then login to the gmail account, then click here:  https://www.google.com/settings/u/0/security/lesssecureapps  

  

FYI:  It seems the Notes client still does not support TLS for local POP3 and SMTP connections yet (or when connecting to Gmail and Yahoo) which is why you need to enable "Allow Less Secure Apps". :(

 

FYI

 

Configure IBM Notes with Gmail and Yahoo!

https://www.notesmail.com/home.nsf/tip20121227

 

Gmail Account Setup: Things To Check Before Setting Up Gmail In Notes Client

http://www-01.ibm.com/support/docview.wss?uid=swg21998171