On Mon, Nov 30, 2020 at 04:44:17PM -0300, SysAdmin EM wrote: > It seems strange to me because the connection was working correctly and no > changes have been made to the settings.
The *remote* server is malfunctioning, so your settings are largely irrelevant. > Here the configuration of the Exchange Server: > https://freeimage.host/i/FNElne For help with Exchange this is not the right list. > > But in this case the server drops the connection immediately after > > accepting the STARTTLS command, and before receiving the client TLS > > HELLO. The outbound transmission of the client HELLO fails > > (presumably a TCP RST arrived right after the STARTTLS ok): > > > > posttls-finger: initializing the client-side TLS engine > > posttls-finger: Connected to exet02.hostmar.com[200.58.120.69]:25 > > posttls-finger: < 220 HMEXCAS01.host.hm.local Microsoft ESMTP MAIL > > Service ready at Mon, 30 Nov 2020 16:13:58 -0300 > > [...] > > posttls-finger: > STARTTLS > > posttls-finger: < 220 2.0.0 SMTP server ready > > posttls-finger: setting up TLS connection to exet02.hostmar.com > > [200.58.120.69]:25 > > posttls-finger: exet02.hostmar.com[200.58.120.69]:25: TLS cipher list > > "aNULL:-aNULL:HIGH:MEDIUM:@STRENGTH:+RC4:+3DES:!eNULL" > > posttls-finger: SSL_connect:before SSL initialization > > posttls-finger: SSL_connect:SSLv3/TLS write client hello > > posttls-finger: SSL_connect:error in SSLv3/TLS write client hello > > posttls-finger: SSL_connect error to > > exet02.hostmar.com[200.58.120.69]:25: lost connection > > > > So there's no use trying to get TLS to work for this server, it's not > > going to happen. See above, there's nothing you can do on the Postfix side, you have to fix the TLS support on the Exchange side. -- VIktor.
