On 30/04/2015 09:58, Viktor Dukhovni wrote:
On Thu, Apr 30, 2015 at 09:25:48AM +0300, Birta Levente wrote:
Perhaps some sort of middle-box is interfering with TLS on your
end. Also, what version of OpenSSL are you using?
Well "your end" can be anywhere between you and the Microsoft email
hosting mail servers.
I make a test on another server which is in totally other location, other
city, other ISP, but same OS, openssl and postfix.3.1.20150421
Can we rule out "Great Firewall of China"-style nation level
middleboxes?
Apr 30 08:55:06 srv2 postfix/smtp[4367]: SSL_connect error to
irs-ro.mail.eo.outlook.com[213.199.154.87]:25: lost connection
Apr 30 08:55:06 srv2 postfix/smtp[4367]: 3lcmBx5stxz7wX4:
Cannot start TLS: handshake failure
Apr 30 08:55:06 srv2 postfix/smtp[4367]:
SSL_connect error to irs-ro.mail.eo.outlook.com[213.199.154.23]:25:
lost connection
I have no problem connecting to this host with default settings.
Apr 29 15:04:46 srv1 postfix/smtp[5398]: Untrusted TLS connection
established to mx4.hotmail.com[65.55.33.119]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-SHA384 (256/256 bits)
Hotmail.com is completely separate infrastructure. You'd need to
find other domains with a "<mumble>.mail.*.outlook.com" mailhost.
A somewhat more similar domain to test is "microsoft.com"
$ dig +short -t mx microsoft.com
10 microsoft-com.mail.protection.outlook.com.
Have you tried "swaks"? Or
openssl s_client -starttls smtp -connect irs-ro.mail.eo.outlook.com:25
OK, I found the problem:
I had configured the smtp_tls_CAfile. Removing everything works fine.
Thanks for support
--
Levi
