Re: [mailop] Problem: Timeout after starttls

Thu, 26 Feb 2026 14:41:22 -0800 


On 26/02/2026 16:42, Fehlauer, Norbert via mailop wrote:

Hi Viktor,

thanks. Sorry about the missing line breaks. Got that from the sender. :/

Yes, the actual problem is, that the sender can not send mails to the server 
and as it is with this kind of problems he says it's our problem and I'm 
relatively confident that the problem is on the sender's side. But I just see 
the timeout in our logfile. The last two lines have a timeout of 60 seconds as 
you already mentioned. So, I do not see anything on my side what's preventing 
the sending server to actually send something. Don't know if it is helping to 
ask if someone from cleverreach is here on the list and could look at it (or 
give me a message off the list).


2026-02-25T09:20:21.807Z,edge01\Internet,08DE6A521B0E8C30,0,172.25.0.26:25,194.42.96.40:59854,+,,
2026-02-25T09:20:21.807Z,edge01\Internet,08DE6A521B0E8C30,1,172.25.0.26:25,194.42.96.40:59854,>,"220
 edge01.systema-online.de Microsoft ESMTP MAIL Service ready at Wed, 25 Feb 2026 10:20:21 
+0100",
2026-02-25T09:20:21.839Z,edge01\Internet,08DE6A521B0E8C30,2,172.25.0.26:25,194.42.96.40:59854,<,EHLO
 mail.example.com,
2026-02-25T09:20:21.839Z,edge01\Internet,08DE6A521B0E8C30,3,172.25.0.26:25,194.42.96.40:59854,>,250
  edge01.systema-online.de Hello [194.42.96.40] SIZE 20971520 PIPELINING DSN 
ENHANCEDSTATUSCODES STARTTLS 8BITMIME BINARYMIME CHUNKING SMTPUTF8,
2026-02-25T09:20:21.870Z,edge01\Internet,08DE6A521B0E8C30,4,172.25.0.26:25,194.42.96.40:59854,<,STARTTLS,
2026-02-25T09:20:21.870Z,edge01\Internet,08DE6A521B0E8C30,5,172.25.0.26:25,194.42.96.40:59854,>,220
 2.0.0 SMTP server ready,
2026-02-25T09:20:21.870Z,edge01\Internet,08DE6A521B0E8C30,6,172.25.0.26:25,194.42.96.40:59854,*,"
 CN=edge01.systema-online.de CN=Sectigo Public Server Authentication CA DV R36, O=Sectigo 
Limited, C=GB 21A6F6C3C7D709617337602BA0FA67D3 5878E90CE2818CF8B7BA5E6085F0128FE8237223 
2025-07-08T02:00:00.000Z 2026-08-09T01:59:59.000Z 
edge01.systema-online.de;www.edge01.systema-online.de",Sending certificate Subject 
Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2026-02-25T09:20:21.948Z,edge01\Internet,08DE6A521B0E8C30,7,172.25.0.26:25,194.42.96.40:59854,*,,"TLS
 protocol SP_PROT_TLS1_2_SERVER negotiation succeeded using bulk encryption algorithm 
CALG_AES_256 with strength 256 bits, MAC hash algorithm CALG_SHA_384 with strength 0 bits 
and key exchange algorithm CALG_ECDH_EPHEM with strength 384 bits"

2026-02-25T09:21:21.996Z,edge01\Internet,08DE6A521B0E8C30,8,172.25.0.26:25,194.42.96.40:59854,>,451
 4.7.0 Timeout waiting for client input,
2026-02-25T09:21:21.996Z,edge01\Internet,08DE6A521B0E8C30,9,172.25.0.26:25,194.42.96.40:59854,-,,Local

Usually the bounce would tell something, but in this case it's our 
transactional mail provider (CR) who is sending to anyone but us. 😉
The problem exists since a few month and I'm now at the 3rd ticket with 'em and 
finally got at least the show logs from their side.

Kind regards
Norbert


Hi
as mentioned in another post this test hangs due to not being launched with -crlf. But this test is not showing anything unusual that can throw light on the original problem. You'd need to get logging about a case that is not working, where logging is from the sender, since it is the sender that suddenly disconnects. If anything the openssl test above shows that there is no issue for this test apart from being launched without -crlf. The fact that this test was launched without -crlf does not imply that this this is the same issue you got on receiving email from cleverreach, which may be a completely unrelated issue.
As far as not being able to access https://de.ssl-tools.net/ it's probably some dns issue. I can access it if I turn off dnssec validation in systemd-resolved. https://dnsviz.net/d/de.ssl-tools.net/dnssec/ shows some issues about dns but I am not sure if those are the real issue or it is some local configuration or issue that stops me accessing it. systemd-resolved returns servfail.
You may however have some issue because https://de.ssl-tools.net/ says that it cannot connect to edge01.systema-online.de and also https://www.ssllabs.com/ssltest/analyze.html?d=edge01.systema-online.de says the same. You might want to investigate further what happens when those testing sites try to connect to your email server. 

John


_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

Reply via email to