On 23/09/2020 16:59, Bill Cole via Exim-users wrote: > 1. You don't allow any TLS versions below 1.2. While that may seem to be > a safety measure, it actually can cause problems because a client that > does not support v1.2 or v1.3 can only resort to sending in clear text. > > 2. Your server is soliciting client certificates and sending a list of > 126 acceptable CAs. Some clients may interpret the solicitation of > client certs as a demand for a client cert, and when they cannot match a > CA on that list, will give up. Unless you are using client certs for > authentication (generally not useful on port 25) there's no reason to > solicit them.
No, neither of those - the GMX end is not even soliciting STARTTLS. It doesn't get as far as trying a TLS handshake. My only guess is to try disabling CHUNKING or PRDR advertisement, to see if one of those is confusing them. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
