howdy Steve... on newer versions of openBSD open SMTPD legacy tls versions / ciphers are disabled by default... there is an option to allow legact tls versions ( i cant remember the option off hand but man smtpd.conf and search for tls you should find it handy enough...( this caught me out on an upgrade to 7.0
btw mxtoolbox.com has some useful tests that could help you diagnose mail flow issues... DMARC + DKIM would be worth looking at... also check the spamhaus PBL... if your isp suddenly added their subscriber ip ranges to the PBL this could negatively impact you if your mail server ip is in the ranges the ISP included in Spamhaus Policy Block List... hope this helps On Wed 5 Oct 2022, 23:07 Steve Fairhead, <st...@fivetrees.com> wrote: > I've searched and failed, and I realise I'm going to show my total > ignorance by not having found an answer (and no, I've not been keeping > up these last few years - mea culpa - demanding day-job). But - I'd be > grateful for any (gentle or otherwise) cluebats. > > I have several OpenBSD email servers, some elderly (Sendmail) and some > brand-spanking new (smtpd). Recently I've noticed that some (of both > kinds) are failing to deliver mail to some major UK ISPs. (Mostly > domestic; business ISPs not so much.) > > For Sendmail, the error is "TLS handshake failed"; for smtpd, it's > "Network error on destination MXs". > > I do have SPF etc setup; thought that might be it, but no. I've read > that some ISPs have closed port 25. I presume that's relevant, but I > simply don't know. > > As I said, all cluebats gratefully (and probably painfully) accepted. > > Steve > > -- > > -------------------------------------------------- > Steve Fairhead > email: st...@fivetrees.com > -------------------------------------------------- > >
