David:
but isn't the communication still in port 25? What config requires the
firewall?
atte,
Ingo Claro
Gerente de Operaciones
[EMAIL PROTECTED]
(+56-2) 43 00 155
-----Mensaje original-----
De: David Pollack [mailto:[EMAIL PROTECTED]
Enviado el: Lunes, 04 de Abril de 2005 12:44
Para: [email protected]
Asunto: RE: [toaster] TLS connect failed
Cool. Quite likely, the firewall between that server & the internet is not
configured to allow TLS thru.
Cheers,
david
-----Original Message-----
From: Ingo Claro [mailto:[EMAIL PROTECTED]
Sent: Monday, April 04, 2005 12:34 PM
To: [email protected]
Subject: RE: [toaster] TLS connect failed
David:
that was it! i get the following:
250-TLS
250-HELP
250-STARTTLS
250-DSN
250-SIZE 20480000
250-8BITMIME
250 PIPELINING
starttls
220 Ready to start TLS
Connection closed by foreign host.
the server closed the connection inmediatly after doing the starttls. So
it's a problem in the other server.
regards,
Ingo
_____________________________________________
De: Pollack, David [mailto:[EMAIL PROTECTED]
Enviado el: Lunes, 04 de Abril de 2005 13:05
Para: '[email protected]'
Asunto: [toaster] TLS connect failed
There are a couple of things to check here.
* Look in /var/log/qmail/qmail-send/current - are you seeing
permissions errors for "clientcert.pem" and /or "servercert.pem"?
* Make sure you have servercert.pem and clientcert.pem in
/var/qmail/control, and that they are readable by the user that is running
qmail. The simplest thing to do is to chown the files so that the qmail
group is the owner - this way you're sure that all the qmail users can read
it.
* If this is happening with only ONE host on the intenet - like, it
always fails to "domain.com" - there's a chance that the remote server is
not configured correctly for TLS, but is saying that it is.
You can test this like this:
slimy:~> telnet mx1.domain.com 25
Trying 216.251.32.71...
Connected to mx1.domain.com.
Escape character is '^]'.
220 mail107.domain.com ESMTP Sendmail 8.13.1/8.13.1; Thu, 31 Mar 2005
12:01:12 -0500
ehlo domain.com
250-mail107.domain.com Hello slimy.dreamhost.com [205.196.208.18], pleased
to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE
52428800 250-DSN 250-AUTH PLAIN LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP
starttls 220 2.0.0 Ready to start TLS
If you cant execute the "STARTTLS" command, somehting could be wrong on the
remote server.
Good luck,
david
-----Original Message-----
From: Ingo Claro [mailto:[EMAIL PROTECTED]
Sent: Monday, April 04, 2005 11:41 AM
To: [email protected]
Subject: [toaster] TLS connect failed
Hello all,
i've encountered the following bounce from my server:
<[EMAIL PROTECTED]>:
TLS connect failed; connected to xxx.xxx.xxx.xxx.
I'm not going to try again; this message has been in the queue too long.
anyone knows why it happens?
regards,
Ingo
