Troubleshooting SSL/TLS version on SMTP / Outmail service
Posted: Tue Jan 31, 2017 9:50 pm
I'm looking for any help I can get in terms of how I can effectively troubleshoot or look further.
I want to at least require TLS 1.0 at a minimum on the SMTP and outgoing mail services, but we get a small but consistent number of contacts either whose mail doesn't get received by us (their server(s) appear to close the connection after STARTTLS) and some who we can't send mail to (same thing happens, but when Outgoing Mail tries to send, we get a '503: Bad Sequence of commands').
I should add that for every Outgoing Mail send that attempts to use SSL/TLS, the logs always report 'Starting SSL' then 'Connection Closed, failed to start SSL' then 'Reconnection accepted', 'Starting TLS' etc. Mostly these DO complete OK; it appears to just be a few recipients that Outgoing Mail fails on with any use of SSL/TLS other than 'none'. There could be reasons on the recipient server's end that are at issue, but we receive no message failure (as one would expect with a refusal from antispam controls, mailboxes not present, etc). I do have the box unchecked that allows non-secure connections to be used as a backup. Generalized sample of what I see in the Outmail log for failures:
Tue, 31 Jan 2017 15:38:04 -> Success: Action=[Add Mail To Queue], Details=[5 KB]
Tue, 31 Jan 2017 15:38:04 -> Success: Action=[Process Mail], Details=[5 KB: Start transfer.]
Tue, 31 Jan 2017 15:38:04 -> Success: Action=[Detect DNS's], Details=[Found 2 entries.]
Tue, 31 Jan 2017 15:38:04 -> Success: Action=[MX Lookup], Details=[DNS=Using automatically detected DNS's, Domain=mail.domain01.com: Found 1 records]
Tue, 31 Jan 2017 15:38:05 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Connection accepted.]
Tue, 31 Jan 2017 15:38:05 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01:25, IP=1.2.3.4: Starting SSL.]
Tue, 31 Jan 2017 15:38:05 -> Failed: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01:25, IP=1.2.3.4: Connection closed, failed to start SSL.]
Tue, 31 Jan 2017 15:38:06 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01:25, IP=1.2.3.4: Reconnection accepted.]
Tue, 31 Jan 2017 15:38:11 -> Failed: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01:25, IP=1.2.3.4: Transaction rejected with: 503 Bad sequence of commands]
A successful send consistently looks like this:
Tue, 31 Jan 2017 15:38:52 -> Success: Action=[Add Mail To Queue], Details=[301 KB]
Tue, 31 Jan 2017 15:38:52 -> Success: Action=[Process Mail], Details=[301 KB: Start transfer.]
Tue, 31 Jan 2017 15:38:52 -> Success: Action=[Detect DNS's], Details=[Found 2 entries.]
Tue, 31 Jan 2017 15:38:52 -> Success: Action=[MX Lookup], Details=[DNS=Using automatically detected DNS's, Domain=domain01.com: Found 2 records]
Tue, 31 Jan 2017 15:38:53 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Connection accepted.]
Tue, 31 Jan 2017 15:38:53 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Starting SSL.]
Tue, 31 Jan 2017 15:38:53 -> Failed: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Connection closed, failed to start SSL.]
Tue, 31 Jan 2017 15:38:53 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Reconnection accepted.]
Tue, 31 Jan 2017 15:38:54 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Starting TLS.]
Tue, 31 Jan 2017 15:38:55 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: TLS started.]
Using https://www.checktls.com/perl/TestReceiver.pl does confirm that the domain in question is able to accept TLS 1.2, so I'm not sure exactly what the issue could be...
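To separate the two patterns in the samples above across a whole Outmail log, the following added example (not part of the original post and not the mail server's own tooling) groups `SMTP Transfer` lines into delivery attempts and labels each by whether `Starting TLS.` / `TLS started.` ever follows the reconnect. The function names and result labels are assumptions made for illustration, the sample lines are constructed in the post's log format, and attempts are assumed to be logged sequentially.

```python
import re

# Constructed sample in the Outmail log format quoted in the post (placeholder hosts/IPs).
SAMPLE_LOG = """\
Tue, 31 Jan 2017 15:38:05 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Connection accepted.]
Tue, 31 Jan 2017 15:38:05 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Starting SSL.]
Tue, 31 Jan 2017 15:38:05 -> Failed: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Connection closed, failed to start SSL.]
Tue, 31 Jan 2017 15:38:06 -> Success: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Reconnection accepted.]
Tue, 31 Jan 2017 15:38:11 -> Failed: Action=[SMTP Transfer], Details=[Domain=domain01.com, Host=mail.domain01.com:25, IP=1.2.3.4: Transaction rejected with: 503 Bad sequence of commands]
Tue, 31 Jan 2017 15:38:53 -> Success: Action=[SMTP Transfer], Details=[Domain=domain02.com, Host=mail.domain02.com:25, IP=5.6.7.8: Connection accepted.]
Tue, 31 Jan 2017 15:38:53 -> Success: Action=[SMTP Transfer], Details=[Domain=domain02.com, Host=mail.domain02.com:25, IP=5.6.7.8: Starting SSL.]
Tue, 31 Jan 2017 15:38:53 -> Failed: Action=[SMTP Transfer], Details=[Domain=domain02.com, Host=mail.domain02.com:25, IP=5.6.7.8: Connection closed, failed to start SSL.]
Tue, 31 Jan 2017 15:38:53 -> Success: Action=[SMTP Transfer], Details=[Domain=domain02.com, Host=mail.domain02.com:25, IP=5.6.7.8: Reconnection accepted.]
Tue, 31 Jan 2017 15:38:54 -> Success: Action=[SMTP Transfer], Details=[Domain=domain02.com, Host=mail.domain02.com:25, IP=5.6.7.8: Starting TLS.]
Tue, 31 Jan 2017 15:38:55 -> Success: Action=[SMTP Transfer], Details=[Domain=domain02.com, Host=mail.domain02.com:25, IP=5.6.7.8: TLS started.]
"""

LINE_RE = re.compile(
    r"^(?P<ts>.+?) -> (?P<status>Success|Failed): Action=\[SMTP Transfer\], "
    r"Details=\[Domain=(?P<domain>[^,]+), Host=(?P<host>[^,]+), IP=(?P<ip>[^:]+): (?P<msg>.*)\]$"
)

def parse_attempts(log_text):
    """Group SMTP Transfer lines into attempts; 'Connection accepted.' opens a new one."""
    attempts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # queue, DNS and MX lines carry no TLS state
        if m["msg"] == "Connection accepted." or not attempts:
            attempts.append({"domain": m["domain"], "start": m["ts"], "msgs": []})
        attempts[-1]["msgs"].append(m["msg"])
    return attempts

def classify(attempt):
    """Label one attempt by how far the TLS negotiation got (labels are hypothetical)."""
    msgs = attempt["msgs"]
    ssl_failed = any("failed to start SSL" in x for x in msgs)
    rejected = any(x.startswith("Transaction rejected with:") for x in msgs)
    if "TLS started." in msgs:
        return "tls-ok-after-ssl-retry" if ssl_failed else "tls-ok"
    if ssl_failed and rejected and "Starting TLS." not in msgs:
        return "rejected-without-starttls"  # reconnect went straight to a 5xx reply
    return "starttls-failed" if "Starting TLS." in msgs else "incomplete"

def summarize(log_text):
    return [(a["domain"], a["start"], classify(a)) for a in parse_attempts(log_text)]

if __name__ == "__main__":
    print(*summarize(SAMPLE_LOG), sep="\n")
```

Domains that only ever show up as `rejected-without-starttls` are the ones worth testing individually, since in those attempts no `Starting TLS.` line is logged between the reconnect and the 503.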