Code Crafters

Hi;

I'm having a problem receiving mail from specific outside servers. The current difficulty looks like this in the SMTP log:

Mon, 21 Sep 2015 14:01:56 -> 66.77.18.183 -> Success: Action=[Accept Connection], Details=[Port 25]
Mon, 21 Sep 2015 14:01:56 -> 66.77.18.183 -> Success: Action=[Received Hello], Details=[Host=mail1.sam.gov]
Mon, 21 Sep 2015 14:01:56 -> 66.77.18.183 -> Failed: Action=[Start TLS]
Mon, 21 Sep 2015 14:01:56 -> 66.77.18.183 -> Success: Action=[Close Connection]

I'm not well-versed in all this stuff, so please bear with me, and use small words. I've tried changing the SSL Mode, but without luck. I've running the latest version of AMS, I've got implicit and explicit SSL checked, I have a self-signed certificate, and a fixed IP address for my server. Any thoughts or suggestions welcome.

Thank you.

Paul Straney

Unfortunately, the mail client on the other end doesn't give any idea why the TLS failed but likely it refused it based on either your self signed certificate or some other security or compatibility reason. If you recognise any of the hosts and know a contact on that mail server you could contact to ask for any more help from their side that would be useful. If not maybe try connecting using outlook or similar to see if you get any useful client side errors.

As you said changing the TLS version to 1.0 is the most compatible and recommended setting. We've removed use of SSL v2/3 and possibly the sending mail servers are trying to use these. These are now very old SSL versions and deemed too insecure to use. We still allow outgoing connections using these for compatibility with other older mail servers but don't allow them for incoming connections for security reasons.

unfortunately it is a government website, finding the administrator would probably be more trouble than it is worth. I'm thinking it is probably an issue with older security protocols, I know I have issues from time to time with older versions of Outlook Express, so this makes sense.


Paul

In the latest version we've re-added the option for SSLv2/3 and also changed this from a general setting to an SSL mode for every service individually.