Okay. So I've looked further into this, the destination MX record contains 6 addresses. The first 5 generates the below TLS IO Error, but the 6th doesn't seem to be up to respond on SMTP queries. So what I believe is happening is that OpenSMTPD retries all alternative MX records when TLS is failing on the first ones.. but then the last isn't up so it lingers with 'Network error on destination MXs'
Any input on how to do a workaround? Is it possible to force non-tls on certain destinations or change the fallback algorithm? ---- Eric Ripa > On 2015-05-13, at 13:18, Eric Ripa <[email protected]> wrote: > > I forgot to mention some details. It's OpenSMTPD 5.4.4 on OpenBSD 5.6. I'm > happy to provide the MX hostnames in private if someone needs them. > > > ---- > Eric Ripa > > > > > >> On 2015-05-13, at 09:22, Eric Ripa <[email protected]> wrote: >> >> Hi, >> >> I'm getting a weird IO error on when smtpd tries to deliver mail over >> smtp+tls. The MX record contains multiple servers and all are showing the >> same behavior. >> >> Could anyone shed some light on the potential issue? Enveloped end up in >> temporary failure with 'Network error on destination MXs' >> >> May 13 09:16:51 mail smtpd[23296]: smtp-out: Connecting to >> smtp+tls://[REDACTED]:25 (mms.[REDACTED].com) on session 5a151ca2c611100d... >> May 13 09:16:51 mail smtpd[23296]: smtp-out: Connected on session >> 5a151ca2c611100d >> May 13 09:16:52 mail smtpd[23296]: smtp-out: Error on session >> 5a151ca2c611100d: IO Error: error:1407741A:SSL >> routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error >> May 13 09:16:52 mail smtpd[23296]: smtp-out: Disabling route [] <-> >> [REDACTED] (mms.[REDACTED].com) for 800s >> May 13 09:16:53 mail smtpd[23296]: smtp-out: Connecting to >> smtp+tls://[REDACTED]:25 (mail-gw.[REDACTED].com) on session >> 5a151ca314e2c781... >> May 13 09:16:53 mail smtpd[23296]: smtp-out: Connected on session >> 5a151ca314e2c781 >> May 13 09:16:54 mail smtpd[23296]: smtp-out: Error on session >> 5a151ca314e2c781: IO Error: error:1407741A:SSL >> routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error >> May 13 09:16:54 mail smtpd[23296]: smtp-out: Disabling route [] <-> >> [REDACTED] (mail-gw.[REDACTED].com) for 800s >> May 13 09:16:55 mail smtpd[23296]: smtp-out: Connecting to >> smtp+tls://[REDACTED]:25 (mail-gw6.[REDACTED].com) on session >> 5a151ca44b96ca01... >> May 13 09:16:56 mail smtpd[23296]: smtp-out: Connected on session >> 5a151ca44b96ca01 >> May 13 09:16:56 mail smtpd[23296]: smtp-out: Error on session >> 5a151ca44b96ca01: IO Error: error:1407741A:SSL >> routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error >> May 13 09:16:56 mail smtpd[23296]: smtp-out: Disabling route [] <-> >> [REDACTED] (mail-gw6.[REDACTED].com) for 800s >> >> Thanks, >> Eric Ripa >> >> >> >> >> >> >> -- >> You received this mail because you are subscribed to [email protected] >> To unsubscribe, send a mail to: [email protected] > -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
