Cannot send mail to certain recipients. SMTP STARTTLS failure (8922)



Cannot mail certain recipients. The sender sees this in the GW Client:




The reason given for the delay: 420 TCP write error




The following is shown in the GWIA log:




07:11:54 2323 DMN: MSG 2815270 Attempting to connect to 07:11:54 2323 DMN: MSG 2815270 Connected to [] ( 07:11:54 2323 DMN: MSG 2815270 SMTP STARTTLS failure (8922) 07:11:55 2323 DMN: MSG 2815270 SMTP session ended: [] (






The best way to troubleshoot this would be to get a packet trace. On the GWIA server:




tcpdump -i any -s 0 -w /root/surftown.cap host




This will capture data just for that ip. Note that you cannot filter on a single IP if the recipient has multiple ones.

Open the packet trace in Wireshark. Look at the client and server hellos:

Client Hello. That is you:


You are indicating that you support TLS up to 1.2. Ideally the receiving mailserver should use that version, but instead:
Here the receiving mailserver uses TLS 1.0 and that protocol is regarded as unsecure and was deprecated in June 2018. GW 18.2 will not talk to him.


Ask the admin of the receiving mailserver to upgrade to a supported version of SSL


How To-Best Practice
Comment List
Parents Comment Children
No Data