On 10/5/2022 5:04 PM, Steve Fairhead wrote:
> I have several OpenBSD email servers, some elderly (Sendmail) and some
> brand-spanking new (smtpd). Recently I've noticed that some (of both
> kinds) are failing to deliver mail to some major UK ISPs. (Mostly
> domestic; business ISPs not so much.)
>
> For Sendmail, the error is "TLS handshake failed"; for smtpd, it's
> "Network error on destination MXs".

"TLS handshake failed" usually means a TLS cipher mismatch, but maybe
they're requiring a valid public certificate. You can also use
testssl.sh to see what ciphers they're actually using.
Check the logs and do a tcpdump of one of the failed connections. One
of those should tell you directly what's wrong.
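
Added example, not part of the original thread: a small decoder for the plaintext TLS alert a remote MX sends when it aborts the handshake, which is the part of a tcpdump capture that separates a cipher or protocol mismatch from a certificate rejection. It assumes the input is the server-to-client TLS byte stream taken from the capture after STARTTLS; the sample bytes and function names are constructed for illustration.

```python
import struct

# TLS alert descriptions (RFC 5246 / RFC 8446) most relevant to failed STARTTLS
ALERTS = {
    40: ("handshake_failure", "no acceptable parameters, typically no shared cipher suite"),
    42: ("bad_certificate", "peer rejected the certificate it was shown"),
    45: ("certificate_expired", "certificate is outside its validity period"),
    48: ("unknown_ca", "chain does not lead to a CA the peer trusts"),
    70: ("protocol_version", "offered TLS version is not supported by the peer"),
    71: ("insufficient_security", "peer requires stronger ciphers than were offered"),
    116: ("certificate_required", "peer demands a client certificate (TLS 1.3)"),
}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
LEVELS = {1: "warning", 2: "fatal"}


def parse_records(data):
    """Yield (content_type, version, payload) for each complete TLS record."""
    off = 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack_from("!BHH", data, off)
        payload = data[off + 5:off + 5 + length]
        if len(payload) < length:
            break  # capture was truncated mid-record
        yield ctype, version, payload
        off += 5 + length


def explain_alerts(data):
    """Return one dict per plaintext alert record (content type 21)."""
    findings = []
    for ctype, version, payload in parse_records(data):
        # Encrypted alerts are longer than 2 bytes and cannot be read here.
        if ctype != 21 or len(payload) != 2:
            continue
        level, desc = payload
        name, meaning = ALERTS.get(desc, (f"alert_{desc}", "see the IANA TLS alert registry"))
        findings.append({
            "level": LEVELS.get(level, f"level_{level}"),
            "alert": name,
            "meaning": meaning,
            "record_version": VERSIONS.get(version, hex(version)),
        })
    return findings


# Constructed sample: a stub handshake record followed by a fatal alert 40.
SAMPLE = bytes.fromhex("160303000401000000" "15030300020228")

if __name__ == "__main__":
    for finding in explain_alerts(SAMPLE):
        print(finding)
```

An alert of `handshake_failure`, `protocol_version` or `insufficient_security` points at the cipher or version mismatch, while `bad_certificate`, `unknown_ca` or `certificate_required` points at the certificate.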