On Thu, Aug 14, 2014 at 02:07:29PM -0700, Quanah Gibson-Mount wrote:
> I'm trying to validate some sender restriction maps, but I'm unable to even
> send out a basic email over 587 for manual testing even before I set the
> restriction maps, and I'm not clear why. Any insight appreciated.
>
> [zimbra@zre-ldap003 ~]$ openssl s_client -CApath /opt/zimbra/conf/ca
> -connect zre-ldap003.eng.zimbra.com:587 -starttls smtp
Wrong tool for the job, s_client is not netcat.
> RCPT TO:<testus...@zre-ldap003.eng.zimbra.com>
> RENEGOTIATING
There's your problem. s_client(1) treates "R" and "Q" at the
beginnings of lines specially. You can try 'rcpt to:' (lower-case)
to work-around the issue.
You need something more transparent that takes cleartext in and
sends TLS out, but can negotiate via SMTP STARTTLS.
--
Viktor.
