My campus recently switched to office365.com on port 587 from an internal Exchange server. Unfortunately, I haven't been able to connect. Typical error message is TLS error on connection to outlook-namwest2.office365.com [40.97.133.114] (gnutls_handshake): An unexpected TLS packet was received.
Searching on the internet has some advice on setting up connections to office365, but I think I have everything set. Could it be a problem that my passwd.client file has (some info obscured) smtp.office365.com:[email protected]:xxxx but that the ultimate host name is different, as seen above? The router uses the smtp.office365.com name. Other ideas, including ways to isolate the problem? I also tried with smtptest and got a similar, early, failure. It seems to be before any real authentication, since it never asked for a password. I'm putting this first because it may have more detail about the problem than the exim logs further down. -------------------------------------------------------------------------- $ smtptest -u [email protected] -s -p 587 smtp.office365.com -v starting TLS engine setting up TLS connection SSL_connect:before/connect initialization write to 7FA54998CB40 [7FA54998D0C0] (517 bytes => 517 (0x205)) 0000 16 03 01 02 00 01 00 01|fc 03 03 d2 00 f3 fa 76 0010 73 99 a9 80 25 a8 a9 f3|e8 7a 59 da b2 72 12 86 0020 dd 14 4a 98 f9 4e b8 e9|27 6b ac 00 00 82 c0 30 0030 c0 2c c0 28 c0 24 c0 14|c0 0a 00 a3 00 9f 00 6b 0040 00 6a 00 39 00 38 00 88|00 87 c0 32 c0 2e c0 2a 0050 c0 26 c0 0f c0 05 00 9d|00 3d 00 35 00 84 c0 2f 0060 c0 2b c0 27 c0 23 c0 13|c0 09 00 a2 00 9e 00 67 0070 00 40 00 33 00 32 00 9a|00 99 00 45 00 44 c0 31 0080 c0 2d c0 29 c0 25 c0 0e|c0 04 00 9c 00 3c 00 2f 0090 00 96 00 41 c0 11 c0 07|c0 0c c0 02 00 05 00 04 00a0 c0 12 c0 08 00 16 00 13|c0 0d c0 03 00 0a 00 ff 00b0 01 00 01 51 00 0b 00 04|03 00 01 02 00 0a 00 34 00c0 00 32 00 0e 00 0d 00 19|00 0b 00 0c 00 18 00 09 00d0 00 0a 00 16 00 17 00 08|00 06 00 07 00 14 00 15 00e0 00 04 00 05 00 12 00 13|00 01 00 02 00 03 00 0f 00f0 00 10 00 11 00 23 00 00|00 0d 00 20 00 1e 06 01 0100 06 02 06 03 05 01 05 02|05 03 04 01 04 02 04 03 0110 03 01 03 02 03 03 02 01|02 02 02 03 00 0f 00 01 0120 01 00 15 00 e0 0205 - <SPACES/NULS> SSL_connect:SSLv2/v3 write client hello A read from 7FA54998CB40 [7FA549992620] (7 bytes => 7 (0x7)) 0000 32 32 30 20 4d 57 48 SSL_connect:error in SSLv2/v3 read server hello A -1 SSL_connect error -1 SSL session removed failure: TLS negotiation failed! --------------------------------------------------- This is from a debugging session with exim --------------------------------------------------------------------------- outlook-namwest.office365.com [40.97.124.34]:587 status = usable 40.97.124.34 in serialize_hosts? no (option unset) delivering 1d3vC1-0007Xf-NB to outlook-namwest.office365.com [40.97.124.34] ([email protected]) set_process_info: 28999 delivering 1d3vC1-0007Xf-NB to outlook-namwest.office365.com [40.97.124.34] ([email protected]) Transport port=465 replaced by host-specific port=587 Connecting to outlook-namwest.office365.com [40.97.124.34]:587 ... connected 40.97.124.34 in hosts_avoid_esmtp? no (option unset) 40.97.124.34 in hosts_require_ocsp? no (option unset) 40.97.124.34 in hosts_request_ocsp? yes (matched "*") initialising GnuTLS as a client on fd 7 GnuTLS global init required. initialising GnuTLS client session Expanding various TLS configuration options for session credentials. TLS: no client certificate specified; okay TLS: tls_verify_certificates not set or empty, ignoring GnuTLS using default session cipher/priority "NORMAL" Setting D-H prime minimum acceptable bits to 1024 in tls_verify_hosts? no (option unset) in tls_try_verify_hosts? no (option unset) TLS: server certificate verification not required. TLS: will request OCSP stapling about to gnutls_handshake LOG: MAIN TLS error on connection to outlook-namwest.office365.com [40.97.124.34] (gnutls_handshake): An unexpected TLS packet was received. ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL set_process_info: 28999 delivering 1d3vC1-0007Xf-NB: just tried outlook-namwest.office365.com [40.97.124.34] for [email protected]: result DEFER added retry item for T:outlook-namwest.office365.com:40.97.124.34:587: errno=-37 more_errno=0,A flags=2 I have disable_ipv6 = true; without it exim tried only IPv6 addresses, which weren't routable by the OS. exim 4.84_2 running on Debian Jessie. Thanks for any help. Ross Boylan -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
