On 28/05/16 23:23, Sam Varshavchik wrote:
>> We only use authenticated relaying via 465/SSL and 587/TLS so none
>> of our clients use port 25 for auth/relay. The problem is our client
>> recipient has to contact our support which then asks them for a copy
>> of the error, then I get it, then I have to squirrel around in the
>> mail logs to determine IP/hosts and hope a dig mx finds the right
>> mailserver etc then whitelists that server/mx and cross my fingers
>> I got all that right and our client can continue on their merry way.
> 
> Do you know for sure that the sender bounces the mail if it can't
> negotiate SSL; that the sender does not fallback to unencrypted?

Our recipient client gets a bounce from our server when they try to
send to, for instance, @dss.gov.au so I presume these servers are not
falling back to an unencrypted connection. This is a recent example
of our client trying to send to x...@dss.gov.au...

May 24 12:12:26 s1 courierd: newmsg,id=xxx, auth=xxx: dns; [xxx] ([::ffff:xxx])
May 24 12:12:26 s1 courierd: 
started,id=xxx,from=<xxx>,module=esmtp,host=dss.gov.au,addr=<x...@dss.gov.au>
May 24 12:12:27 s1 courieresmtp: id=xxx,from=<xxx>,addr=<x...@dss.gov.au>:
 500 couriertls: connect: error:1407741A:SSL 
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error
May 24 12:12:27 s1 courieresmtp: 
id=xxx,from=<xxx>,addr=<x...@dss.gov.au>,status: failure
May 24 12:12:27 s1 courierd: completed,id=xxx
May 24 12:12:27 s1 courierd: started,id=xxx,from=<>,module=dsn,host=,addr=<xxx>
May 24 12:12:27 s1 courierd: completed,id=xxx

No real hint of a unencrypted connection in any of the examples I checked.

Other failed domains are...

orica.com
network.pmc.gov.au
bg-group.com
jc.com.au
ecanyons.com


Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to