Looks like I spoke to early about tricky Cisco router. Just had our modem/router equipment replaced, hoping it would fix the problem but to no avail! I give up.
On Wed, Jul 8, 2009 at 6:03 PM, New Old Stk <newold...@googlemail.com>wrote: > Guys thanks a lot for helping out with my problem. I just tried sending > mail from friend's mail server (SBS 2003) and same problem occured. Looks > like Cisco box in our office messing up. > > Appreciate all the input and many many thanks! > > George > > On Wed, Jul 8, 2009 at 4:34 PM, Victor Duchovni < > victor.ducho...@morganstanley.com> wrote: > >> On Wed, Jul 08, 2009 at 04:25:43PM +0100, New Old Stk wrote: >> >> > Noel, connecting to server remotely didn't work. I wonder what's the >> reason >> > as no ports seem to be blocked. >> > >> > >> > g2$ openssl s_client -starttls smtp -crlf -connect >> one.mailexpeditor.com:25 >> > CONNECTED(00000003) >> > 157:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown >> > protocol:s23_clnt.c:601: >> >> This server supports "starttls" (sorry have not released smtp-finger >> yet...) >> >> smtp-finger: Connected to one.mailexpeditor.com[92.60.109.90]:25 >> smtp-finger: < 220 one.mailexpeditor.com ESMTP Postfix >> smtp-finger: > EHLO hqmtaext01.ms.com >> smtp-finger: < 250-one.mailexpeditor.com >> smtp-finger: < 250-PIPELINING >> smtp-finger: < 250-SIZE 10240000 >> smtp-finger: < 250-VRFY >> smtp-finger: < 250-ETRN >> smtp-finger: < 250-STARTTLS >> smtp-finger: < 250-ENHANCEDSTATUSCODES >> smtp-finger: < 250-8BITMIME >> smtp-finger: < 250 DSN >> smtp-finger: > STARTTLS >> smtp-finger: < 220 2.0.0 Ready to start TLS >> smtp-finger: Untrusted TLS connection established to >> one.mailexpeditor.com[92.60.109.90]:25: TLSv1 with cipher ADH-AES256-SHA >> (256/256 bits) >> smtp-finger: Server is anonymous >> >> Also works with s_client: >> >> $ openssl s_client -starttls smtp -connect one.mailexpeditor.com:25 >> CONNECTED(00000003) >> depth=1 /C=GB/ST=Buckinghamshire/O=Mail Expeditor/CN= >> one.mailexpeditor.com/emailaddress=a1l6e...@mailexpeditor.com >> verify error:num=19:self signed certificate in certificate chain >> verify return:0 >> --- >> Certificate chain >> 0 s:/C=GB/ST=Buckinghamshire/L=Milton Keynes/O=Mail Expeditor/CN= >> one.mailexpeditor.com/emailaddress=a1l6e...@mailexpeditor.com >> i:/C=GB/ST=Buckinghamshire/O=Mail Expeditor/CN= >> one.mailexpeditor.com/emailaddress=a1l6e...@mailexpeditor.com >> 1 s:/C=GB/ST=Buckinghamshire/O=Mail Expeditor/CN= >> one.mailexpeditor.com/emailaddress=a1l6e...@mailexpeditor.com >> i:/C=GB/ST=Buckinghamshire/O=Mail Expeditor/CN= >> one.mailexpeditor.com/emailaddress=a1l6e...@mailexpeditor.com >> --- >> Server certificate >> -----BEGIN CERTIFICATE----- >> ... >> -----END CERTIFICATE----- >> subject=/C=GB/ST=Buckinghamshire/L=Milton Keynes/O=Mail Expeditor/CN= >> one.mailexpeditor.com/emailaddress=a1l6e...@mailexpeditor.com >> issuer=/C=GB/ST=Buckinghamshire/O=Mail Expeditor/CN= >> one.mailexpeditor.com/emailaddress=a1l6e...@mailexpeditor.com >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 2505 bytes and written 351 bytes >> --- >> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA >> Server public key is 1024 bit >> Compression: NONE >> Expansion: NONE >> SSL-Session: >> Protocol : TLSv1 >> Cipher : DHE-RSA-AES256-SHA >> ... >> Verify return code: 19 (self signed certificate in certificate >> chain) >> --- >> 250 DSN >> quit >> 221 2.0.0 Bye >> >> -- >> Viktor. >> >> Disclaimer: off-list followups get on-list replies or get ignored. >> Please do not ignore the "Reply-To" header. >> >> To unsubscribe from the postfix-users list, visit >> http://www.postfix.org/lists.html or click the link below: >> <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> >> >> If my response solves your problem, the best way to thank me is to not >> send an "it worked, thanks" follow-up. If you must respond, please put >> "It worked, thanks" in the "Subject" so I can delete these quickly. >> > >
