Mailing List CGatePro@mail.stalker.com Message #102763
From: Marcel Hochuli <mhochuli@a-f.ch>
Subject: Re: Problem establishing a secure SMTP connection - failed to accept a secure connection
Date: Fri, 2 Dec 2011 09:18:49 +0000
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Thanks for the Help Scott, Dennis and CGP Support

It was indeed this Setting:

Add this options in startup-script:
SUPPLPARAMS="--TLSServerHelloExtensions NO"

Guide:

Regards,
Marcel

_______________________________________



Am 30.11.2011 um 00:16 schrieb Marcel Hochuli:

Hello all

What is the reason for closing this TLS connection?

We have this problem with one known site. They cannot send any emails to this site.

18:40:59.860 5 SMTPI-059373([10.10.10.10]) TLS out 22: (76) 02 00 00 48 03 01 31 31 39 35 30 30 30 30 32 30 38 35 45 37 33 33 30 38 30 42 33 31 44 38 37 30 30 33 39 36 34 35 20 00 00 C1 46 4E D5 19 2B FF 54 06 42 91 BA 85 72 D7 31 B1 E8 5C FF 17 9F A0 98 5D 96 58 93 C1 39 00 35 00 00 00
18:40:59.860 4 SMTPI-059373([10.10.10.10]) TLSv1 out(632): certificate
18:40:59.860 5 SMTPI-059373([10.10.10.10]) TLS out 22: (636) 0B 00 02 78 00 02 75 00 02 72 30 82 02 6E 30 82 01 D7 02 04 25 87 2F 31 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 7E 31 0B 30 09 06 03 55 04 06 13 02 43 48 31 0D 30 0B 06 03 55 04 07 13 04 42 65 72 6E 31 23 30 21 06 03 55 04 0A 13 1A 41 50 50 41 4C 4F 4F 5A 41 20 70 72 6F 64 75 63 74 69 6F 6E 73 20 47 6D 62 48 31 1A 30 18 06 03 55 04 03 13 11 6D 61 69 6C 2E 61 70 70 61 6C 6F 6F 7A 61 2E 63 68 31 1F 30 1D 06 09 2A 86 48 86 F7
18:40:59.860 4 SMTPI-059373([10.10.10.10]) TLSv1 out(0): server_hello_done
18:40:59.860 5 SMTPI-059373([10.10.10.10]) TLS out 22: (4) 0E 00 00 00
18:40:59.874 2 TLS-049478 session closed by SMTPI-059373, refCount=1
18:40:59.874 3 SMTPI-059373([10.10.10.10]) failed to accept a secure connection for 'mydomain.dom'. Error Code=connection closed by peer
18:41:00.074 5 SMTPI-059373([10.10.10.10]) TLS out 21: (2) 02 0A
18:41:00.074 4 SMTPI-059373([10.10.10.10]) closing connection
18:41:00.074 4 SMTPI-059373([10.10.10.10]) releasing stream


Thanks in advance for any tips


Marcel

_______________________________________



Am 29.11.2011 um 18:09 schrieb Marcel Hochuli:

Hello Scott

where do you change logging for TLS? I didn't found it. It seems TLS-Settings are moving around from version to version...

We have the same problem with a customer since upgrading from 5.3.x to 5.4.2. A veeery big swiss provider cannot send emails to this customer running cgp 5.4.2 on Mac OS X.

I dunno if it's the same problem that Dmitry talks about in email "TLS errors" form 6th of November?


Marcel

_______________________________________



Am 29.11.2011 um 00:03 schrieb Scott Jensen:

Hi again,
     A bit of new info:  I found the prefs for TLS behavior and turned the logging option up to All Info.  This is now in the log file:

17:52:33.182 2 TLS-181184 session created for SMTPI-090400, v.1, method=AES256_SHA
17:52:33.265 2 TLS-181184 session closed by SMTPI-090400, refCount=1
17:52:33.265 3 SMTPI-090400(msg2.disney.com) failed to accept a secure connection for 'ocr-mail.mit.edu'. Error Code=connection closed by peer

     In just the few minutes that I've had TLS logging turned up, I see several SMTPI connections from other systems using the method AES256_SHA (all successful), so I have to think it's not a problem in CGP's implementation of AES256_SHA...

     Again, any other ideas?...

---SCJ



On Nov 28, 2011, at 5:07 PM, Scott Jensen wrote:

Hi,
     I've got a problem I've never seen before occurring today (apparently it started just before thanksgiving).  Some users at Disney are trying to send messages to my users, and they're getting a failure bounce back.  We can send messages to them with no problem, but they can't send or reply to us.  The problem seems to revolve around the inability of the two servers to negotiate a TLS connection.  Here's an example bounce a Disney user is getting back (sent to me via gmail - sender & rcvr addresses changed):


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster