[SOLVED] Odd issue with client on TLS

[killmasta93]

HI
Currently were getting an odd issue with a client, sometimes we get the email but sometimes we dont, i checked the logs and found this

they currently use mimecast for the filter server and wanted to make sure its not TLS issue on my side

 

[Stoiko Ivanov]

Not 100% sure - and you'll need to contact the mail-admins of mimecast to get an answer - but from a quick check it seems that their
mail-server does not like your TLS certificate (I assume that this is because it's self-signed)

You could try to get a Let's Encrypt certificate for the SMTP services (GUI->Configuration->Certificates) and see if this helps in that case

I hope this helps!

 

[killmasta93]

thanks for the reply, it seems updating to pmg 6.4 solved the issue i have with 5.1

 

[killmasta93]

Hi @Stoiko Ivanov so everything was working well but again im getting this issue
I was reading a bit and it seems that i have to use lets encrypt for that client only, is there something you point me to for the SSL?
I was looking at the webGUI but im a bit lost on how to do it
Thank you

Jul 26 03:41:05 mail postfix/smtpd[4516]: connect from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:05 mail postfix/smtpd[4536]: connect from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:05 mail postfix/smtpd[4535]: connect from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:06 mail postfix/smtpd[4516]: SSL_accept error from de-smtp-delivery-105.mimecast.com[194.104.111.105]: -1
Jul 26 03:41:06 mail postfix/smtpd[4516]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1544:SSL alert number 46:
Jul 26 03:41:06 mail postfix/smtpd[4516]: lost connection after STARTTLS from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:06 mail postfix/smtpd[4516]: disconnect from de-smtp-delivery-105.mimecast.com[194.104.111.105] ehlo=1 starttls=0/1 commands=1/2
Jul 26 03:41:06 mail postfix/smtpd[4535]: SSL_accept error from de-smtp-delivery-105.mimecast.com[194.104.111.105]: -1
Jul 26 03:41:06 mail postfix/smtpd[4535]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1544:SSL alert number 46:
Jul 26 03:41:06 mail postfix/smtpd[4535]: lost connection after STARTTLS from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:06 mail postfix/smtpd[4535]: disconnect from de-smtp-delivery-105.mimecast.com[194.104.111.105] ehlo=1 starttls=0/1 commands=1/2
Jul 26 03:41:06 mail postfix/smtpd[4536]: SSL_accept error from de-smtp-delivery-105.mimecast.com[194.104.111.105]: -1
Jul 26 03:41:06 mail postfix/smtpd[4536]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1544:SSL alert number 46:

 

[Stoiko Ivanov]

is your current certificate for smtp:
* publicly trusted?
* still valid?

(you can check from the outside by running `openssl s_client -connect your.pmg.ip.addr:25 -starttls smtp`)

 

[killmasta93]

Thanks for the reply, what i did was to create letsencrypt wanted to know from this picture did i correctly do it ?

Thank you

 

[Stoiko Ivanov]

Thanks for the reply, what i did was to create letsencrypt wanted to know from this picture did i correctly do it ?

from the first glance - yes - the certificate was created yesterday, looks like it's signed by letsencrypt and is valid till end October...

If you still get the problems with mimecast.com - I would suggest to contact their mail-admins - they should give you more details at what their servers don't like

I hope this helps!

 

[killmasta93]

Thank you it seems that the Letsencrypt solved the issue