hi all,
I have a transient TLS problem with certain destinations that causes some mails
to be delayed with the error
delivery ... deferral: TLS_connection/protocol_error_for_for_host:..._(#4.4.1)/
Sometimes mail goes through right away, sometimes after several trials and
sometimes it takes days. So far I have identified these destinations:
hotmail.com (mx1.hotmail.com)
neumann-neumann.com (mail.neumann-neumann.com)
ton-objekt.de (ton-objekt.de.pri-mx.eu0103.smtproutes.com)
Most interesting here is hotmail.com. I am not able to communicate properly with
mx*.hotmail.com via the openssl client. An encrypted connection via STARTTLS
is established but then the server does not respond to most commands.
"QUIT" works, "quit", "HELO", "EHLO", "MAIL FROM:" do not:
openssl s_client -connect mx1.hotmail.com:25 -starttls smtp
CONNECTED(00000003)
...
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: 493A0000F823516DED700287A61AAA62F886AD12B02635F4A7B2845431B4CF3F
Session-ID-ctx:
Master-Key: 3FEC7E06D8229053DF4FA60DD7BBFA850C86BB198AA8C4E325729619EE9486D548B4541B34D277780D93A6503DC45B03
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1460629034
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 OK
EHLO fiano.netestate.de
read:errno=104
The response to QUIT is also quite non-SMTP-like:
250 OK
QUIT
DONE
I can reproduce this running the openssl client from several data centers and
distributions (OpenSSL 1.0.1s and 1.0.1f). http://checktls.com does not report
any problems with hotmail.com.
Can somebody here reproduce this or shed light on it?
I had two mails to hotmail.com in the queue today that were delayed for days.
After putting "!hotmail.com:" in tlsdestinations, hotmail reported
"552 Message size exceeds fixed maximum message size".
I am quite sure that in my first trials with the openssl client and
ton-objekt.de.pri-mx.eu0103.smtproutes.com, the connection was closed after
the TLS connection was established but before I could enter a command but I
was not able to reproduce this since then.
I will conduct further experiments but maybe someone has clues for me.
Regards,
Michael Brunnbauer
--
++ Michael Brunnbauer
++ netEstate GmbH
++ Geisenhausener Straße 11a
++ 81379 München
++ Tel +49 89 32 19 77 80
++ Fax +49 89 32 19 77 89
++ E-Mail brunni@netestate.de
++ http://www.netestate.de/
++
++ Sitz: München, HRB Nr.142452 (Handelsregister B München)
++ USt-IdNr. DE221033342
++ Geschäftsführer: Michael Brunnbauer, Franz Brunnbauer
++ Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
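
Added example, not part of the original post: a small triage script that counts, per recipient domain, how many delivery attempts in a qmail-send log ended in the TLS deferral quoted above, so affected destinations and how intermittent the failure is can be read off the log. It assumes the usual qmail-send line layout ("starting delivery N: msg M to remote addr" followed by "delivery N: status: text"); the function names and all sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Substring taken from the deferral text quoted in the post.
TLS_MARK = "TLS_connection/protocol_error"
START = re.compile(r"starting delivery (\d+): msg \d+ to remote \S+@(\S+)")
RESULT = re.compile(r"delivery (\d+): (success|failure|deferral): (\S*)")

# Constructed sample log: timestamps, ids, addresses, hosts and IPs are made up.
SAMPLE_LOG = """\
1460620000.1 starting delivery 1: msg 501 to remote alice@dest-a.example
1460620000.2 starting delivery 2: msg 502 to remote bob@dest-b.example
1460620001.0 delivery 1: deferral: TLS_connection/protocol_error_for_for_host:mx.dest-a.example_(#4.4.1)/
1460620001.5 delivery 2: success: 192.0.2.20_accepted_message./Remote_host_said:_250_OK/
1460620400.0 starting delivery 3: msg 501 to remote alice@dest-a.example
1460620401.0 delivery 3: deferral: TLS_connection/protocol_error_for_for_host:mx.dest-a.example_(#4.4.1)/
1460620500.0 starting delivery 4: msg 503 to remote carol@dest-c.example
1460620501.0 delivery 4: deferral: Connected_to_192.0.2.30_but_connection_died._(#4.4.2)/
1460622000.0 starting delivery 5: msg 501 to remote alice@dest-a.example
1460622001.0 delivery 5: success: 192.0.2.10_accepted_message./Remote_host_said:_250_OK/
1460622100.0 delivery 9: deferral: TLS_connection/protocol_error_for_for_host:mx.dest-d.example_(#4.4.1)/
"""

def tls_deferral_stats(lines):
    """Count delivery outcomes per recipient domain, separating TLS deferrals."""
    pending = {}  # delivery id -> recipient domain
    stats = defaultdict(lambda: {"tls_deferral": 0, "other_deferral": 0,
                                 "success": 0, "failure": 0})
    for line in lines:
        m = START.search(line)
        if m:
            pending[m.group(1)] = m.group(2).lower()
            continue
        m = RESULT.search(line)
        if not m:
            continue
        domain = pending.pop(m.group(1), None)
        if domain is None:
            continue  # start line missing (e.g. rotated log): cannot attribute
        status, text = m.group(2), m.group(3)
        if status == "deferral":
            status = "tls_deferral" if TLS_MARK in text else "other_deferral"
        stats[domain][status] += 1
    return dict(stats)

def affected(stats):
    """Domains with TLS deferrals as (domain, tls_deferrals, attempts), worst first."""
    rows = [(d, s["tls_deferral"], sum(s.values()))
            for d, s in stats.items() if s["tls_deferral"]]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for row in affected(tls_deferral_stats(SAMPLE_LOG.splitlines())):
        print("%s: %d TLS deferrals in %d attempts" % row)
```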