On 28/05/16 23:23, Sam Varshavchik wrote: >> We only use authenticated relaying via 465/SSL and 587/TLS so none >> of our clients use port 25 for auth/relay. The problem is our client >> recipient has to contact our support which then asks them for a copy >> of the error, then I get it, then I have to squirrel around in the >> mail logs to determine IP/hosts and hope a dig mx finds the right >> mailserver etc then whitelists that server/mx and cross my fingers >> I got all that right and our client can continue on their merry way. > > Do you know for sure that the sender bounces the mail if it can't > negotiate SSL; that the sender does not fallback to unencrypted?
Our recipient client gets a bounce from our server when they try to send to, for instance, @dss.gov.au so I presume these servers are not falling back to an unencrypted connection. This is a recent example of our client trying to send to x...@dss.gov.au... May 24 12:12:26 s1 courierd: newmsg,id=xxx, auth=xxx: dns; [xxx] ([::ffff:xxx]) May 24 12:12:26 s1 courierd: started,id=xxx,from=<xxx>,module=esmtp,host=dss.gov.au,addr=<x...@dss.gov.au> May 24 12:12:27 s1 courieresmtp: id=xxx,from=<xxx>,addr=<x...@dss.gov.au>: 500 couriertls: connect: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 24 12:12:27 s1 courieresmtp: id=xxx,from=<xxx>,addr=<x...@dss.gov.au>,status: failure May 24 12:12:27 s1 courierd: completed,id=xxx May 24 12:12:27 s1 courierd: started,id=xxx,from=<>,module=dsn,host=,addr=<xxx> May 24 12:12:27 s1 courierd: completed,id=xxx No real hint of a unencrypted connection in any of the examples I checked. Other failed domains are... orica.com network.pmc.gov.au bg-group.com jc.com.au ecanyons.com
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
