We are currently testing the PMG and are already very convinced in many areas.
However, we receive the message “Cannot start TLS: handshake failure” several times a day when connecting to the mail servers of various customers.
The options
- Enable TLS
- Enable TLS Logging
- Add TLS Received Header
The mails all end up in the 'deferred queue'
Code:
postfix/smtp[1509]: setting up TLS connection to XXX.de.mail.protection.outlook.com[52.101.73.22]:25
postfix/smtp[1509]: XXX.de.mail.protection.outlook.com[52.101.73.22]:25: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
postfix/smtp[1509]: looking for session smtp&XXX.de&XXX.de.mail.protection.outlook.com&52.101.73.22&&8D5CCDD019FFBB67B0D124B3885F8A11381EC26ED7A9311767F41D6AA7410B61 in smtp cache
postfix/tlsmgr[946]: lookup smtp session id=smtp&XXX.de&XXX-de01i.mail.protection.outlook.com&52.101.73.22&&8D5CCDD019FFBB67B0D124B3885F8A11381EC26ED7A9311767F41D6AA7410B61
postfix/smtp[1509]: SSL_connect error to XXX-de01i.mail.protection.outlook.com[52.101.73.22]:25: lost connection
postfix/smtp[1509]: remove session smtp&XXX.de&XXX-de01i.mail.protection.outlook.com&52.101.73.22&&8D5CCDD019FFBB67B0D124B3885F8A11381EC26ED7A9311767F41D6AA7410B61 from client cache
postfix/tlsmgr[946]: delete smtp session id=smtpXXX.de&XXX-de01i.mail.protection.outlook.com&52.101.73.22&&8D5CCDD019FFBB67B0D124B3885F8A11381EC26ED7A9311767F41D6AA7410B61
After a certain amount of time, the mails then disappear from the queue and are delivered. In some cases, however, we also receive bounces from the customer server with messages such as '<name.nachname@yyyy.de>: host mx1.yyyy.de[111.222.333.444] said: 530 #5.7.0
Must issue a STARTTLS command first (in reply to MAIL FROM command)'