On 2025-05-14 at 10:50:52 UTC-0400 (Wed, 14 May 2025 10:50:52 -0400)
Scott Q. via mailop <qm...@top-consulting.net>
is rumored to have said:

It doesn't appear to be a networking issue, pings show no packet loss.

It need not be a networking problem for it to be a blockage specific to your network neighborhood, as Viktor suggested. I.e. something on their end maybe doesn't like you. Or your own network egress is somehow manipulating the data.

Not sure what it could be really. Do you notice a delay before you get the 220 banner?

I see about a 2s pause between connect and banner, and a dozen manual connects one after another showed the same pause every time, with 19 different hostnames in 32 banners behind 3 different IP addresses. All gave the same EHLO response.

I tried with both tls and without, same result:


openssl s_client -connect smtp.secureserver.net:25 -starttls smtp
CONNECTED(00000004)
Didn't find STARTTLS in server response, trying anyway...

That says something significant. Your mail server wouldn't happen to be living behind a Cisco firewall, would it?

If s_client says that, then it has successfully connected, sent an EHLO command, and got something in response.

If it isn't seeing STARTTLS then either STARTTLS wasn't offered *OR* some middlebox interfering with SMTP removed it. In my quick testing, the machines answering behind smtp.secureserver.net all offer STARTTLS.



write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 356 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

On Wednesday, 14/05/2025 at 10:42 Viktor Dukhovni via mailop wrote:



On Wed, May 14, 2025 at 10:15:02AM -0400, Scott Q. via mailop wrote:

Can someone from GoDaddy reach out? There appear to be some issues
on your side. We get a 220 banner 1 out of 10 times when connecting to smtp.secureserver.net

FWIW, I just tried 4 connections from my MX host in MEL AU, all
successful, e.g., the most recent:

    $ posttls-finger -F /etc/ssl/cert.pem -lsecure -c -Lsummary "[smtp.secureserver.net]"
    posttls-finger: Verified TLS connection established
        to smtp.secureserver.net[92.204.80.0]:25:
        TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

One more from München DE (dane.sys4.de):

    $ posttls-finger -P /etc/ssl/certs -lsecure -c -Lsummary "[smtp.secureserver.net]"
    posttls-finger: Verified TLS connection established
        to smtp.secureserver.net[92.204.80.0]:25:
        TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

One more from isi.de in Los Angeles, California (DANE survey host):

    $ posttls-finger -F /etc/ssl/cert.pem -lsecure -c -Lsummary "[smtp.secureserver.net]"
    posttls-finger: Verified TLS connection established
        to smtp.secureserver.net[216.69.141.84]:25:
        TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Perhaps the problem is localised to your network neighbourhood?

--
    Viktor.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
 Bill Cole
 b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com addresses)
 Not Currently Available For Hire
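
One way to tell apart the cases discussed in this message (STARTTLS offered, absent, or altered by a middlebox), as an added example that is not part of the thread. The masking patterns it looks for (runs of `X` or `*`) are an assumption about how SMTP-inspecting firewalls commonly rewrite a session, and the EHLO name and sample sessions are constructed.

```python
import re, socket, time

# Assumption: an SMTP-inspecting middlebox overwrites what it dislikes with
# runs of 'X' or '*' (e.g. "250-XXXXXXXA" where "250-STARTTLS" was sent).
MASKED = re.compile(r"^[X*]{4,}[A-Z]?$")

def keywords(ehlo_reply):
    """ESMTP keywords from a raw EHLO reply (first line is only the greeting)."""
    lines = [l for l in ehlo_reply.splitlines() if re.match(r"^250[- ]", l)]
    return [l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()]

def assess(banner, ehlo_reply):
    """Classify one session: STARTTLS offered, absent, or visibly rewritten."""
    kws = keywords(ehlo_reply)
    masked = [k for k in kws if MASKED.match(k)]
    text = banner[4:].strip()
    banner_masked = bool(text) and text.count("*") > len(text) / 2
    verdict = ("offered" if "STARTTLS" in kws
               else "rewritten-in-transit" if masked or banner_masked
               else "absent")  # absent: never offered, or removed without trace
    return {"verdict": verdict, "masked": masked, "banner_masked": banner_masked}

def read_reply(f):
    """Read one (possibly multi-line) SMTP reply from a socket file object."""
    out = []
    while True:
        line = f.readline().decode("ascii", "replace")
        out.append(line.rstrip("\r\n"))
        if len(line) < 4 or line[3] != "-":
            return "\n".join(out)

def probe(host, port=25, helo="probe.example.org", timeout=30):
    """Live check: connect-to-banner delay in seconds plus the assessment."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        banner = read_reply(f)
        delay = time.monotonic() - start
        s.sendall(f"EHLO {helo}\r\n".encode())  # hypothetical EHLO name
        ehlo = read_reply(f)
        s.sendall(b"QUIT\r\n")
    return round(delay, 2), assess(banner, ehlo)

# Constructed sample sessions (not captured from smtp.secureserver.net).
CLEAN = ("220 mx.example.net ESMTP",
         "250-mx.example.net\n250-SIZE 31457280\n250-STARTTLS\n250 8BITMIME")
FILTERED = ("220 ********************************",
            "250-mx.example.net\n250-SIZE 31457280\n250-XXXXXXXA\n250 8BITMIME")
```

An "absent" verdict from one network only becomes meaningful when compared with the same probe run from another vantage point, as was done with the posttls-finger runs quoted above.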