For remote access users, my standard practise is to open up port 1677 to the GW client.

The issue is that the Mac client is dated and is not as rich in formatting features as the Windows client or Webaccess, and when users see this, they are not impressed.
Webaccess may suffice, but for users that roam in/out of internet signal range, it's not viable - they want their email offline too.

Enter IMAP/SMTP on GWIA. Sounds straight forward in theory but has been a struggle to implement.

The planned approach is:

remote internet PC ---> SMTP/SSL(port 26)--->| FIREWALL |--->GWIA2 (SSL "Required") --> GWIA (SSL Enabled) --SMTP-->Internet SMTP host

With SSL turned off, everything works perfectly. IMAP/SSL works perfectly too. Just the above is broken.
The issue is the communication between GWIA2 and GWIA. GWIA2 needs SSL "Required" so that remote Mac/Linux users can only connect using SSL.

Here is a sanitised extract from the GWIA2 log:
02:57:44 F387 DMN: MSG 43 Accepted connection: [] ( <--- LAN PC for testing
02:57:44 F387 DMN: MSG 43 SMTP upgraded to a secure connection.
02:57:44 F387 Successful login with client/server access:
02:57:44 F387 DMN: MSG 43 Inbound AUTH succeeded from, User: test
02:57:44 F387 DMN: MSG 43 Receiving file: /media/nss/GW/xxxdom/wpgate/gwia2/receive/82d24735.001
02:57:44 F387 DMN: MSG 43 SMTP session ended: [] (
02:57:44 F36F MSG 43 Processing inbound message: /media/nss/GW/xxxdom/wpgate/gwia2/receive/82d24735.001 <--- GWIA2 is happy
02:57:44 F36F MSG 43 Sender:
02:57:44 F36F MSG 43 Recipient:
02:57:44 F36F MSG 43 Converting message to SMTP: /media/nss/GW/xxxdom/wpgate/gwia2/send/x3742d28.002
02:57:44 F36F MSG 43 Queuing message to daemon: /media/nss/GW/xxxdom/wpgate/gwia2/send/s3742d28.002
02:57:44 F36F MSG 43 Sender: (GroupWise userID: Test)
02:57:44 F36F Recipient:
02:57:45 F387 DMN: MSG 43 Sending file: /media/nss/GW/xxxdom/wpgate/gwia2/send/p3742d28.002
02:57:45 F387 DMN: MSG 43 Attempting to connect to <---- GWIA(1)
02:57:46 F387 DMN: MSG 43 connection failure (6)
02:57:46 F387 DMN: MSG 43 Send Failure: 450 Host down ([])
02:57:54 F44F MSG 43 Analyzing result file: /media/nss/GW/xxxdom/wpgate/gwia2/result/r3742d28.002
02:57:54 F44F MSG 43 Detected error on SMTP command
02:57:54 F44F MSG 43 Command:
02:57:54 F44F MSG 43 Response: 450 Host down ([])
02:57:54 F44F MSG 43 Deferring message: /media/nss/GW/xxxdom/wpgate/gwia2/defer/s3742d28.002

The above test was done from inside the LAN, but the same issue occurs for remote PC's as well.

After NUMEROUS hours of troubleshooting (testing certificates, port numbers, I raised an SR. Novell are investigating and have replicated the error - now waiting on backline/dev feedback.

The strange thing is that I had the same setup on GW 12.01, and it still worked after upgrading to 12.02, so I wonder what the issue is here, which was originally setup on 12.02 and failed, so Novell provided me with 12.03 (pre release), and still it's broken!

Due to the demise of GW client on Mac/Linux, more people are going to need other IMAP/SMTP/SSL solutions, and have to jump through these same hoops and headaches, just to have secure remote access with offline synch capability to non-Windows PC's. If Novell continued to develop at least a solid Java client that could run on Mac/Linux maybe I wouldn't be on the merry-go round on patching and late nights. In fact it is a poor decision to cease development of Mac/Linux clients because if anything the take up of these Os's is on the rise.

Has anyone else come across the above issue with a dual GWIA setup and SSL "Required"? Or worked around it?

If there is a better approach for remote access for non-GW clients (with offline synch)?