[SOLVED] Odd issue with client on TLS

killmasta93

Renowned Member
Aug 13, 2017
973
58
68
31
HI
Currently were getting an odd issue with a client, sometimes we get the email but sometimes we dont, i checked the logs and found this

they currently use mimecast for the filter server and wanted to make sure its not TLS issue on my side

1655486683822.png
 
Not 100% sure - and you'll need to contact the mail-admins of mimecast to get an answer - but from a quick check it seems that their
mail-server does not like your TLS certificate (I assume that this is because it's self-signed)

You could try to get a Let's Encrypt certificate for the SMTP services (GUI->Configuration->Certificates) and see if this helps in that case

I hope this helps!
 
  • Like
Reactions: killmasta93
Hi @Stoiko Ivanov so everything was working well but again im getting this issue
I was reading a bit and it seems that i have to use lets encrypt for that client only, is there something you point me to for the SSL?
I was looking at the webGUI but im a bit lost on how to do it
Thank you

Code:
Jul 26 03:41:05 mail postfix/smtpd[4516]: connect from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:05 mail postfix/smtpd[4536]: connect from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:05 mail postfix/smtpd[4535]: connect from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:06 mail postfix/smtpd[4516]: SSL_accept error from de-smtp-delivery-105.mimecast.com[194.104.111.105]: -1
Jul 26 03:41:06 mail postfix/smtpd[4516]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1544:SSL alert number 46:
Jul 26 03:41:06 mail postfix/smtpd[4516]: lost connection after STARTTLS from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:06 mail postfix/smtpd[4516]: disconnect from de-smtp-delivery-105.mimecast.com[194.104.111.105] ehlo=1 starttls=0/1 commands=1/2
Jul 26 03:41:06 mail postfix/smtpd[4535]: SSL_accept error from de-smtp-delivery-105.mimecast.com[194.104.111.105]: -1
Jul 26 03:41:06 mail postfix/smtpd[4535]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1544:SSL alert number 46:
Jul 26 03:41:06 mail postfix/smtpd[4535]: lost connection after STARTTLS from de-smtp-delivery-105.mimecast.com[194.104.111.105]
Jul 26 03:41:06 mail postfix/smtpd[4535]: disconnect from de-smtp-delivery-105.mimecast.com[194.104.111.105] ehlo=1 starttls=0/1 commands=1/2
Jul 26 03:41:06 mail postfix/smtpd[4536]: SSL_accept error from de-smtp-delivery-105.mimecast.com[194.104.111.105]: -1
Jul 26 03:41:06 mail postfix/smtpd[4536]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1544:SSL alert number 46:
 
Last edited:
is your current certificate for smtp:
* publicly trusted?
* still valid?

(you can check from the outside by running `openssl s_client -connect your.pmg.ip.addr:25 -starttls smtp`)
 
Thanks for the reply, what i did was to create letsencrypt wanted to know from this picture did i correctly do it ?

Thank you
1658970030399.png
 
Last edited:
Thanks for the reply, what i did was to create letsencrypt wanted to know from this picture did i correctly do it ?
from the first glance - yes - the certificate was created yesterday, looks like it's signed by letsencrypt and is valid till end October...

If you still get the problems with mimecast.com - I would suggest to contact their mail-admins - they should give you more details at what their servers don't like

I hope this helps!
 
  • Like
Reactions: killmasta93

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!