Greetings,

Has anyone run into issues sending mail to email addresses at sbcglobal.net,
bellsouth.net, att.net, ameritech.net, nvbell.net, flash.net,
swbell.net, prodigy.net, pacbell.net, currently.com, and snet.net?  All of
these domains have MX records that use prodigy.net.

We are finding 3 of our 10 mail servers receive this error when sending:
----
2025-03-21 16:34:37 1tvjz9-000000086Xv-3pod SMTP connection outbound 1742592877 1tvjz9-000000086Xv-3pod redacted.domain.com redacted-usern...@att.net
2025-03-21 16:36:49 1tvjz9-000000086Xv-3pod H=al-ip4-mx-vip2.prodigy.net [144.160.235.144]: SMTP timeout after initial connection: Connection timed out
2025-03-21 16:41:50 1tvjz9-000000086Xv-3pod TLS session: (SSL_connect): timed out: delivering unencrypted to H=ff-ip4-mx-vip2.prodigy.net [144.160.159.22] (not in hosts_require_tls)
----

Here is when the issue started.

Server 1
   - last delivered email 2025-03-11 09:48:30 CDT
   - first blocked email 2025-03-11 11:18:44 CDT

Server 2
   - last delivered email 2025-03-11 10:26:05
   - first blocked email 2025-03-11 11:00:28

Server 3
   - last delivered email 2025-03-11 10:40:16
   - first blocked email 2025-03-11 11:22:26

All of our affected servers run CloudLinux, cPanel, and use Exim.  All are
running cpanel-exim: 4.98.1-1.cp118~el8.  The timing of all three servers
cannot be coincidental.  Also, our servers never get any updates or changes
made at this hour, so we don't think it is a software patch or update
causing this. Comparing Exim Configuration between servers that work and
those that are timing out, they all have the same TLS settings, "Options
for OpenSSL" match, and "SSL/TLS Cipher Suite List" match as well.  File
comparing the exim.conf files between the servers does not reveal any
relevant or significant differences.

We've also checked CSF, and we're not blocking anything outbound to these
prodigy.net IP addresses (and no SMTP related ports, since all other email
flows well).

We've used swaks to help diagnose the issue and find it interesting that
this does work:

swaks --to redacted-usern...@att.net --from redacted-usern...@redacted.hostname.com

--[ SNIP BEGIN OUTPUT ]-------------------------------------------------------------------------------
=== Trying al-ip4-mx-vip1.prodigy.net:25...
=== Connected to al-ip4-mx-vip1.prodigy.net.
<-  220 alph775.prodigy.net ESMTP Sendmail Inbound 8.15.2/8.15.2; Fri, 21 Mar 2025 23:27:19 -0400
 -> EHLO redacted.hostname.com
<-  250-alph775.prodigy.net Hello redacted.hostname.com [redacted-IP], pleased to meet you
<-  250-ENHANCEDSTATUSCODES
<-  250-PIPELINING
<-  250-8BITMIME
<-  250-SIZE 41943040
<-  250-STARTTLS
<-  250-DELIVERBY
<-  250 HELP
 -> MAIL FROM:<redacted-usern...@redacted.hostname.com>
<-  250 2.1.0 <redacted-usern...@redacted.hostname.com>... Sender ok
 -> RCPT TO:<redacted-usern...@att.net>
<-  250 2.1.5 <redacted-usern...@att.net>... Recipient ok
 -> DATA
<-  354 Enter mail, end with "." on a line by itself
 -> Date: Fri, 21 Mar 2025 22:27:19 -0500
 -> To: redacted-usern...@att.net
 -> From: redacted-usern...@redacted.hostname.com
 -> Subject: test Fri, 21 Mar 2025 22:27:19 -0500
 -> Message-Id: <20250321222719.2629...@redacted.hostname.com>
 -> X-Mailer: swaks v20240103.0 jetmore.org/john/code/swaks/
 ->
 -> This is a test mailing
 ->
 ->
 -> .
<-  250 2.0.0 52M3RJQW054614 Message accepted for delivery
 -> QUIT
<-  221 2.0.0 alph775.prodigy.net closing connection
=== Connection closed with remote host.
--[ SNIP END OUTPUT ]-------------------------------------------------------------------------------

Now the same test, but telling swaks to use TLS does not work, and feels
like the same issue the server is having.

swaks --to redacted-usern...@att.net --from redacted-usern...@redacted.hostname.com --tlso

--[ SNIP BEGIN OUTPUT ]-------------------------------------------------------------------------------
=== Trying ff-ip4-mx-vip2.prodigy.net:25...
=== Connected to ff-ip4-mx-vip2.prodigy.net.
<-  220 flph824.prodigy.net ESMTP Sendmail Inbound 8.15.2/8.15.2; Fri, 21 Mar 2025 20:31:49 -0700
 -> EHLO redacted.hostname.com
<-  250-flph824.prodigy.net Hello redacted.hostname.com [redacted-IP], pleased to meet you
<-  250-ENHANCEDSTATUSCODES
<-  250-PIPELINING
<-  250-8BITMIME
<-  250-SIZE 41943040
<-  250-STARTTLS
<-  250-DELIVERBY
<-  250 HELP
 -> STARTTLS
<-  220 2.0.0 Ready to start TLS
*** TLS startup failed (connect(): error:00000000:lib(0):func(0):reason(0))
*** STARTTLS attempted but failed
 -> MAIL FROM:<redacted-usern...@redacted.hostname.com>
--[ SNIP END OUTPUT ]-------------------------------------------------------------------------------

It feels like at this point, there's a problem negotiating a TLS connection?

We attempted to prove it was TLS specifically by putting hosts_avoid_tls in
our exim.conf file with the four prodigy.net MX host names, but could not
get that to work correctly.

Any ideas, suggestions, or introductions to anyone that could help would be
greatly appreciated.

Thanks in advance!
Bob
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
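
An added example, not part of Bob's message and not code from Exim or cPanel: a Python triage of Exim main-log lines like the ones quoted above, counting failures per MX host and listing the message IDs where Exim fell back to cleartext after a TLS timeout. The sample input is the post's three log entries re-joined onto single lines; the function name and stage labels are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the three log entries quoted in the post, re-joined
# onto single lines (the truncated recipient address is kept as posted).
SAMPLE_LOG = """\
2025-03-21 16:34:37 1tvjz9-000000086Xv-3pod SMTP connection outbound 1742592877 1tvjz9-000000086Xv-3pod redacted.domain.com redacted-usern...@att.net
2025-03-21 16:36:49 1tvjz9-000000086Xv-3pod H=al-ip4-mx-vip2.prodigy.net [144.160.235.144]: SMTP timeout after initial connection: Connection timed out
2025-03-21 16:41:50 1tvjz9-000000086Xv-3pod TLS session: (SSL_connect): timed out: delivering unencrypted to H=ff-ip4-mx-vip2.prodigy.net [144.160.159.22] (not in hosts_require_tls)
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (.*)$")
HOST = re.compile(r"H=(\S+) \[([0-9A-Fa-f.:]+)\]")

# Stage labels are this example's own names; the match strings are the
# Exim messages exactly as they appear in the post.
STAGES = {
    "timeout_after_connect": "SMTP timeout after initial connection",
    "tls_timeout_cleartext_fallback": "delivering unencrypted to",
}

def triage(log_text):
    """Return (failure counts per (host, ip), message IDs with cleartext fallback)."""
    per_host = defaultdict(Counter)
    cleartext_fallback = set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        _ts, msgid, rest = m.groups()
        h = HOST.search(rest)
        if not h:
            continue  # e.g. the "SMTP connection outbound" line names no host
        for stage, needle in STAGES.items():
            if needle in rest:
                per_host[h.groups()][stage] += 1
                if stage == "tls_timeout_cleartext_fallback":
                    cleartext_fallback.add(msgid)
    return per_host, cleartext_fallback

if __name__ == "__main__":
    hosts, fallback = triage(SAMPLE_LOG)
    for (host, ip), stages in sorted(hosts.items()):
        print(host, ip, dict(stages))
    print("cleartext fallback after TLS timeout:", sorted(fallback))
```

Run over a full main log from an affected and an unaffected server, the per-host counts show whether the failures cluster on particular prodigy.net MX addresses and how much mail is leaving unencrypted because of the fallback.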
