Re: [mailop] Dealing with "454 TLS not available issues" (Aruba.it)

2017-01-27 Thread Stefano Bagnara
The STARTTLS is only exposed by the business domains: Aruba is one of the biggest registrars for the .IT TLD, so it also handles inboxes for a lot of small business domains here in Italy. The receiving MX for the "non free" inboxes are: 62.149.128.(151|154|158|160|163|166) Every domain uses a singl

Re: [mailop] Dealing with "454 TLS not available issues" (Aruba.it)

2017-01-27 Thread Brandon Long via mailop
On Fri, Jan 27, 2017 at 1:02 AM, Stefano Bagnara wrote: > On 23 January 2017 at 20:42, Brandon Long wrote: > >> Note that information about Google is about 3 years out of date, we no >> longer fall back to unencrypted. >> > > Thank you very much Brandon for the updated info. > > So, in case of a

Re: [mailop] Dealing with "454 TLS not available issues" (Aruba.it)

2017-01-27 Thread Stefano Bagnara
On 23 January 2017 at 20:42, Brandon Long wrote: > Note that information about Google is about 3 years out of date, we no > longer fall back to unencrypted. > Thank you very much Brandon for the updated info. So, in case of a destination server announcing STARTTLS and then failing at *every* ST

Re: [mailop] Dealing with "454 TLS not available issues" (Aruba.it)

2017-01-23 Thread Franck Martin via mailop
Seems to me the system is maybe trying to verify the certificate? It may be checking the revoking list? But yes, I would try to contact Aruba to get some info; maybe someone on the list has a contact there? On Mon, Jan 23, 2017 at 11:42 AM, Brandon Long via mailop wrote: > Note that informatio

Re: [mailop] Dealing with "454 TLS not available issues" (Aruba.it)

2017-01-23 Thread Brandon Long via mailop
Note that information about Google is about 3 years out of date, we no longer fall back to unencrypted. Your best bet for important domains you care about is to try and contact their admins to fix it. Other than that, it's basically up to your policies what to do... well, and what your software c

Re: [mailop] Dealing with "454 TLS not available issues" (Aruba.it)

2017-01-23 Thread Andris Reinman
Having STARTTLS on by default is a good idea but you do need to have a fallback in place as there are quite a lot of problematic servers: * you need to trust self-signed certificates, it doesn’t make much sense to go with plaintext if certificate is not valid * incompatible cipher suites (i.e. serv

[mailop] Dealing with "454 TLS not available issues" (Aruba.it)

2017-01-23 Thread Stefano Bagnara
We recently enabled starttls to every destination (announcing the starttls extension). We now see a lot of "454 4.3.3 TLS not available due to temporary reason" in reply to the STARTTLS by a big B2B Italian provider named Aruba. We usually are able to send the email after 2-3-5 attempts, so this i