=127.0.0.1[127.0.0.1]:10026, delay=0.24, delays=0.1/0/0.04/0.09,
>> dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 56253920A60) Nov 30
>> 15:29:40 smarthost04-ded postfix-out/smtp[9312]: 56253920A60: Cannot
>> start TLS: handshake failure Nov 30 15:29:40 smarthost04-ded
>>
On 30 Nov 2020, at 12:07, SysAdmin EM wrote:
> TLS: handshake failure Nov 30 15:29:40 smarthost04-ded
> I have read the documentation but I cannot understand why this error occurs.
Because the server running thirteen year old software does not support valid
encryption methods.
Here is an artic
On Mon, Nov 30, 2020 at 04:44:17PM -0300, SysAdmin EM wrote:
> It seems strange to me because the connection was working correctly and no
> changes have been made to the settings.
The *remote* server is malfunctioning, so your settings are largely irrelevant.
> Here the configuration of the Exch
lun, 30 de nov. de 2020 a la(s) 16:20, Viktor Dukhovni (
postfix-us...@dukhovni.org) escribió:
> On Mon, Nov 30, 2020 at 02:50:43PM -0300, SysAdmin EM wrote:
>
> > Nov 30 14:43:58 smarthost04-ded postfix-out/smtp[31323]: 0F6EE920CBC:
> > Cannot start TLS: handshake failure
> &g
On Mon, Nov 30, 2020 at 02:50:43PM -0300, SysAdmin EM wrote:
> Nov 30 14:43:58 smarthost04-ded postfix-out/smtp[31323]: 0F6EE920CBC:
> Cannot start TLS: handshake failure
> Nov 30 14:43:58 smarthost04-ded postfix-out/smtp[31323]: 0F6EE920CBC: to=<
> fvid...@exchange.infoauto.com.ar
ost04-ded postfix-out/smtp[9312]: 56253920A60: Cannot
> start TLS: handshake failure Nov 30 15:29:40 smarthost04-ded
> postfix-out/smtp[9312]: 56253920A60:
> to=,
> relay=exet02.hostmar.com[200.58.120.69]:25, delay=0.12,
> delays=0.09/0/0.03/0, dsn=4.7.5, status=deferred (Cannot sta
Hello,
When trying to send an email to a server which works with Microsoft
Exchange I receive the following message: Cannot start TLS: handshake
failure
Nov 30 14:43:58 smarthost04-ded postfix-out/smtpd[31559]: 0F6EE920CBC:
client=localhost[127.0.0.1]
Nov 30 14:43:58 smarthost04-ded postfix-out
> On Jan 16, 2019, at 3:24 PM, Stefan Bauer wrote:
>
> "Some sites may blacklist you when you are probing them too often (a probe is
> an SMTP session that does not deliver mail), or when you are probing them too
> often for a non-existent address. This is one reason why you should use
> sende
"Some sites may blacklist you when you are probing them too often (a probe
is an SMTP session that does not deliver mail), or when you are probing
them too often for a non-existent address. This is one reason why you
should use sender address verification sparingly, if at all, when your site
receiv
> On Jan 16, 2019, at 9:56 AM, Wietse Venema wrote:
>
>> reject_unverified_recipient is no option as remote sites don't like
>> probing/verify requests. After rechecking, i had a typo in my regex.
>
> reject_unverified RECIPIENT, not reject_unverified_SENDER
Specifically, because it would be us
; > >
> > > -- 880 Kbytes in 3 Requests.
> > > root@mx1:~# mailq
> > > -Queue ID- --Size-- Arrival Time -Sender/Recipient---
> > > A97288008B 776694 Sun Jan 13 13:14:29 sender@sender
> > > (Cann
---
> > A97288008B 776694 Sun Jan 13 13:14:29 sender@sender
> > (Cannot start TLS: handshake
> > failure)
>
> http://www.postfix.org/postconf.5.html#reject_unverified_recipient.
>
> > Jan 15 14:23:01 mx1 smtp[5985]: SSL_connect e
Sun Jan 13 13:14:29 sender@sender
> (Cannot start TLS: handshake
> failure)
http://www.postfix.org/postconf.5.html#reject_unverified_recipient.
> Jan 15 14:23:01 mx1 smtp[5985]: SSL_connect error to recipient.tld[ip]:25:
> -1
> Jan 15 14:
(Cannot start TLS: handshake
failure)
recipient@recipient
Jan 15 14:23:01 mx1 smtp[5985]: SSL_connect error to recipient.tld[ip]:25:
-1
Jan 15 14:23:01 mx1 smtp[5985]: warning: TLS library problem:
error:141A318A:SSL
;
> The cipher grade in Postfix sets a "floor" on the ciphers used, that
> is only medium or better. Nobody is "making them medium":
>
> http://www.postfix.org/postconf.5.html#smtp_tls_ciphers
>
> --
> Viktor.
Appreciate your input, Viktor
> On Mar 30, 2017, at 12:03 AM, Den1 wrote:
>
>> smtp_tls_ciphers = medium
>> smtp_tls_exclude_ciphers =
>> MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4
>
> Why would you exclude these ciphers
Because:
* MD5 is weak, obsolete and unnecessary
* SRP and PSK require special code to use,
1664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684p89748.html
Sent from the Postfix Users mailing list archive at Nabble.com.
On Wed, Mar 29, 2017 at 05:03:51AM -0700, Den1 wrote:
> I was wondering is it actually advisable to use tls on smtp? When I tried it
> out with my self-signed certificates just to see if it's of any convenience
> to implement this feature I received the following response:
>
> TLS required, but w
On Wed, Mar 29, 2017 at 04:14:35AM -0700, oakley wrote:
> *openssl s_client -connect (mydomain.com):443 -servername (mydomain.com)*
>
Why on earth are you wasting our time showing results of connections
to an HTTPS service. In every message you post, show the current
*Postfix* configuration, *l
t the same for smtp as it works for me with 'may', but
it's quite different with encrypt or secure.
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684p89733.html
Sent from the Postfix Users mailing list archive at Nabble.com.
Louis
> -Oorspronkelijk bericht-
> Van: webmas...@lshipping.info [mailto:owner-postfix-us...@postfix.org]
> Namens Den1
> Verzonden: woensdag 29 maart 2017 14:50
> Aan: postfix-users@postfix.org
> Onderwerp: RE: Postfix cannot start tls: handshake failure
>
> Hi Louis,
>
> Thank
Hi Louis,
Thank you for your input, I appreciate. I have smtpd running OK with all the
key_file, cert_file and so on. I was asking about smtp. These two are
different :-)
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure
mens Den1
> Verzonden: woensdag 29 maart 2017 14:04
> Aan: postfix-users@postfix.org
> Onderwerp: Re: Postfix cannot start tls: handshake failure
>
> I was wondering is it actually advisable to use tls on smtp? When I tried
> it
> out with my self-signed certificates just to see if
t on the above, please? Many thanks!
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684p89727.html
Sent from the Postfix Users mailing list archive at Nabble.com.
he date this all went down hill, too.
Do you think this has a possibility?
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684p89726.html
Sent from the Postfix Users mailing list archive at Nabble.com.
> On Mar 27, 2017, at 3:26 PM, oakley wrote:
>
> I'm now using port 25.
Perhaps. But logging associated failure is more useful than just noting
this claim.
> I've tested to see if my firewall or what ever was blocking it, but I can
> connect when I tested via;
>
> $ openssl s_client -connect
in context:
http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684p89703.html
Sent from the Postfix Users mailing list archive at Nabble.com.
> On Mar 27, 2017, at 1:09 PM, Mark Wise wrote:
>
> Really sorry.
> http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-td89684.html
You'll need to join the postfix-users list via majord...@postfix.org,
as explained at http://www.postfix.org/l
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684p89697.html
Sent from the Postfix Users mailing list archive at Nabble.com.
> On Mar 27, 2017, at 1:51 PM, oakley wrote:
>
> Appreciate the reply, Viktor. I've done everything you've suggested...
Not quite, as you're not connecting to the right relay service. Do
check an authoritative source on what relayhost you're supposed to use.
> This is when I use:
> *smtp_tls
n>
localhost postfix/qmgr[5012]: B3A80BEF2F: from=, size=287,
nrcpt=1 (queue active)
localhost postfix/smtp[4700]: SSL_connect error to
email-smtp.eu-west-1.amazonaws.com[54.154.210.139]:465: Connection timed out
localhost postfix/smtp[4700]: E969BBEF28: Cannot start TLS: h
otocol:s23_clnt.c:794:93591BEF30:
> Cannot start TLS: handshake failure
>
> relayhost = [email-smtp.eu-west-1.amazonaws.com]:25
Double check that this is the correct relay to use. Typically,
providers operate SMTP submission services on port 587 (STARTTLS)
or 465 (SMTP inside SSL/TLS
zonaws.com[52.51.114.192]:25:
-1
localhost postfix/smtp[2100]: warning: TLS library problem:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:794:
93591BEF30: Cannot start TLS: handshake failure
--
HERE ARE CONTENTS OF MY MAIN.CF for postfix:
--
/Cannot-start-TLS-handshake-failure-when-relaying-through-Exchange-2007-tp86243p86258.html
Sent from the Postfix Users mailing list archive at Nabble.com.
bbix postfix/smtp[10382]: 32D975004EE: Cannot start
> TLS: handshake failure
> [ ... start of server connection details ... ]
> New, TLSv1/SSLv3, Cipher is RC4-MD5
> Secure Renegotiation IS NOT supported
> Protocol : TLSv1
> Cipher: RC4-MD5
Note that your server's idea o
lpdesk software has a special alias that forwards email from the
specified destination account to a perl script that creates/updates a ticket
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Cannot-start-TLS-handshake-failure-when-relaying-through-Exchange-2007-tp86243p862
10382]: 32D975004EE: Cannot start
TLS: handshake failure
Sep 14 11:52:54 mar-zabbix postfix/smtp[10375]: SSL_connect error to
mar-exch01.mydomain.com[192.168.100.223]:25: lost connection
Sep 14 11:52:54 mar-zabbix postfix/smtp[10375]: 0891F5006D1: Cannot start
TLS: handshake failure
Sep 14 11:52:5
On 2015-05-20 11:32, King Cao wrote:
Dears,
Hi,
Currently my postfix need to delivery mails to exchange 2003 and
encounter handshake failure issue when setting up the TLS connection.
posttls-finger failed but openssl succeeded. The remote exchange only
support cipher: "RC4-SHA".
The "RC4-SH
Dears,
Currently my postfix need to delivery mails to exchange 2003 and encounter
handshake failure issue when setting up the TLS connection.
posttls-finger failed but openssl succeeded. The remote exchange only
support cipher: "RC4-SHA".
The "RC4-SHA" is 71st place on the cipher list. And postt
> On May 1, 2015, at 12:01 AM, Viktor Dukhovni
> wrote:
>
> On Fri, May 01, 2015 at 04:51:03AM +, Viktor Dukhovni wrote:
>
>> For this server, you need a more "compact" cipherlist as a work-around.
>>
>> smtp_tls_exclude_ciphers =
>> #
>> # Disable MD5, DSA
On Fri, May 01, 2015 at 04:51:03AM +, Viktor Dukhovni wrote:
> For this server, you need a more "compact" cipherlist as a work-around.
>
> smtp_tls_exclude_ciphers =
> #
> # Disable MD5, DSA, SRP and PSK, and the "exotic" fixed DH
> cipher suites.
>
On Thu, Apr 30, 2015 at 08:28:21PM -0700, Tom Johnson wrote:
> > That aside, even with the "wrong" MX host, I still get successful
> > connections. Perhaps you're behind some sort of firewall that
> > proxies TLS and disconnects when it does not like the peer certificate:
> >
> > $ posttls-finge
\
> > error to mail.mlmatthews.com[23.25.38.217]:25: lost connection \
> > 2015-04-29T22:36:51+ server.domain.com postfix-gw/smtp[29844]:
> > 3lcZT61sm7z5wjJ: \
> > to=, relay=mail.mlmatthews.com[23.25.38.217]:25,
> > delay=8.8, \
> > delays=8.5/0.26/0.05/0, dsn=4.
On Wed, Apr 29, 2015 at 05:57:36PM -0700, Tom Johnson wrote:
> I have a basic postfix setup that's been working fine for a long time,
> but recently, I've been seeing errors with a number of sites:
>
> "Cannot start TLS: handshake failure"
>
> Here ar
I have a basic postfix setup that's been working fine for a long time, but
recently, I've been seeing errors with a number of sites:
"Cannot start TLS: handshake failure"
Here are some specific sites where I'm seeing this issue:
SSL_connect error to 2
Hello Viktor
> Your logs are too verbose. This just hides the real problem in a torrent of
> noise.
This surprised me because we alway increase the logging when there is trouble
right? But it was the most help!
> Resolving TLS handshake problems requires full-package PCAP captures and
> wire
> I am having handshake problems on the relay, the error is "Cannot start TLS:
> handshake failure". Of course if I see logs in great detail for my servers
> and his domain then I can do the troubleshooting.
Your logs are too verbose. This just hides the real problem in a to
il from my server to his server.
I am having handshake problems on the relay, the error is "Cannot start TLS:
handshake failure". Of course if I see logs in great detail for my servers
and his domain then I can do the troubleshooting.
But I only control for my server.
For my logs I
48 matches
Mail list logo
