Mailing List CGatePro@mail.stalker.com Message #106874
From: Technical Support support@stalker.com <CGatePro@mail.stalker.com>
Subject: Re: AW: TLS version, fix one break another
Date: Mon, 25 Jun 2018 17:24:57 +0300
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Hello,

On 2018-06-05 13:00, Ralf Zenklusen, BAR Informatik AG r.zenklusen@barinformatik.ch wrote:
Well, yes that's probably our main problem at the moment mainly because we see this more and more.
Some servers support only weak cyphers, others need strong cyphers. Some need TLS3 others support  only 2.... etc.
It's impossible to satisfy all these requirements.

We get more and more complains that emails don't get through.
We then need to identify the reason for the "broken connection and set the domain manually to "send plain" at Settings->Mail->SMTP->Sending->Send Encrypted.

CGate should really (try to) fall back to plain automatically, if it fails to make a secure connection.
Obviously it would be good to have a setting per domain or the possibility to override for connections that you need to keep safe.

Really hope this will appear in one of the next releases.

In 6.2.6 (due early July) there will be an option with TLS version to suggest on outgoing connections and for connections with optional security (that is, not for the hosts in the Send securely list) the offered TLS version will be reduced after each connection failure.



Kind regards
Ralf

  
r.zenklusen@barinformatik.ch
-----Urspr├╝ngliche Nachricht-----
Von: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com]
Gesendet: Dienstag, 5. Juni 2018 03:23
An: CommuniGate Pro Discussions
Betreff: TLS version, fix one break another

I had some emails stuck in the queue, with the already known error
"Error Code=TLS record
version is not 3.x"
So I implemented the solution detailed on a post here a couple of
months ago, creating a Startup.sh file with the parameter
"--SMTPOutgoingTLSVersion 3"
Voilà ! after restarting, those emails that were stuck went through..!

But... (why always a but!?) ... another whole set of emails began
queuing up, with "connection is broke" and no further explanation.
Specifically all domains hosted by Microsoft's services.

I removed the Startup.sh fix, restarted, and all those emails went through.

So, is there a solution that works for all and does not create it's
own set of problems?

best regards,

Roberto

#############################################################
This message is sent to you because you are subscribed to
   the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>




#############################################################
This message is sent to you because you are subscribed to
   the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>


--
Best regards,
Dmitry Akindinov

=======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your
reply.
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster