On 29 Apr 2018, at 01:18, Dominic Raferd <domi...@timedicer.co.uk> wrote: > I've now found similar fall-backs for atlas.net.tr (Turkish service > provider) - same TLS problem 'error:1408A10B:SSL > routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:'. I > guess that (in both cases) this is because the incoming client is old > and can't offer better security than SSL3 - which we reject.
Are you expecting legit mail from these sources? Are you requiring encryption on port 25 (this is a bad idea). My take on SSL3 (or lower) is the these are attempts to force an unsafe exploitable encryption and that these are not connections from legitimate mail servers. YMMV. It appears that Swiss domain uses Google for their email: finarea.ch. 21599 IN MX 20 alt2.aspmx.l.google.com. finarea.ch. 21599 IN MX 30 aspmx2.googlemail.com. finarea.ch. 21599 IN MX 30 aspmx3.googlemail.com. finarea.ch. 21599 IN MX 30 aspmx4.googlemail.com. finarea.ch. 21599 IN MX 30 aspmx5.googlemail.com. finarea.ch. 21599 IN MX 10 aspmx.l.google.com. finarea.ch. 21599 IN MX 20 alt1.aspmx.l.google.com. finarea.ch. 21599 IN TXT "v=spf1 include:aspmx.googlemail.com a:spf.finarea.ch ~all” So the smpt1 looks suspicious. -- Moving into the universe And she's drifting this way and that Not touching the ground at all And she's up above the yard
