Re: [exim] TLS session is required, but an attempt to start TLS failed

Tue, 18 Oct 2022 07:36:18 -0700 

Am 18.10.22 um 14:58 schrieb Patrick Porteous via Exim-users:
I've recently started receiving the following message in my log files when sending to one host: 


2022-10-18 07:12:45 H=example.com [###.###.###.199]: a TLS session is 
required, but an attempt to start TLS failed
2022-10-18 07:12:45 H=example.com [###.###.###.196]: a TLS session is 
required, but an attempt to start TLS failed
2022-10-18 07:12:45 H=example.com [###.###.###.198]: a TLS session is 
required, but an attempt to start TLS failed
2022-10-18 07:12:46 H=example.com [###.###.###.197]: a TLS session is 
required, but an attempt to start TLS failed
2022-10-18 07:12:46 H=example.com [###.###.###.194]: a TLS session is 
required, but an attempt to start TLS failed
2022-10-18 07:12:46 someu...@example.com R=dnslookup T=remote_smtp 
defer (-38) H=example.com [###.###.###.194]: a TLS session is 
required, but an attempt to start TLS failed



The error is causing email addressed to this host to hang in my queue 
and then fail to be delivered after the time out period.  My 
exim.config is setup with the following options enabled:



Thats exactly what should happen, if you enforce TLS and the other side 
can't offer it, it fails.


You used:

hosts_require_tls = ....
tls_tempfail_tryclear = false


in your transport . Ergo, it fails, if it's not possible. And I go 10:1 
whatever is used in:


tls_require_ciphers = ...


is not been offered in the external mailserver tls offer i.e. because 
it's a malconfigured exchange server.


To not block your queue, you can do this:

begin retry
# Address or Domain    Error       Retries
# -----------------    -----       -------

*                      refused
*                      quota
*                      tls_required
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

which instantly sends a delivery-message to the sender, if TLS fails.

best regards,
Marius



Attachment:
OpenPGP_0x048770A738345DD3.asc

Description: OpenPGP public key



Attachment:
OpenPGP_signature

Description: OpenPGP digital signature


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/






















					Reply via email to