Mailing List CGatePro@mail.stalker.com Message #106836
From: Ralf Zenklusen, BAR Informatik AG r.zenklusen@barinformatik.ch <CGatePro@mail.stalker.com>
Subject: AW: TLS version, fix one break another
Date: Tue, 05 Jun 2018 12:00:31 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro MAPI Connector 1.52.54.12/1.54.12.21
Well, yes that's probably our main problem at the moment mainly because we see this more and more.
Some servers support only weak cyphers, others need strong cyphers. Some need TLS3 others support  only 2.... etc.
It's impossible to satisfy all these requirements.

We get more and more complains that emails don't get through.
We then need to identify the reason for the "broken connection and set the domain manually to "send plain" at Settings->Mail->SMTP->Sending->Send Encrypted.

CGate should really (try to) fall back to plain automatically, if it fails to make a secure connection.
Obviously it would be good to have a setting per domain or the possibility to override for connections that you need to keep safe.

Really hope this will appear in one of the next releases.



Kind regards
Ralf

 
r.zenklusen@barinformatik.ch
-----Urspr├╝ngliche Nachricht-----
Von: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com]
Gesendet: Dienstag, 5. Juni 2018 03:23
An: CommuniGate Pro Discussions
Betreff: TLS version, fix one break another

I had some emails stuck in the queue, with the already known error
"Error Code=TLS record
version is not 3.x"
So I implemented the solution detailed on a post here a couple of
months ago, creating a Startup.sh file with the parameter
"--SMTPOutgoingTLSVersion 3"
Voilà ! after restarting, those emails that were stuck went through..!

But... (why always a but!?) ... another whole set of emails began
queuing up, with "connection is broke" and no further explanation.
Specifically all domains hosted by Microsoft's services.

I removed the Startup.sh fix, restarted, and all those emails went through.

So, is there a solution that works for all and does not create it's
own set of problems?

best regards,

Roberto

#############################################################
This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>



Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster