Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
JvdMeij Respected Contributor.
Respected Contributor.
145 views

TLS fails on outgoing mail

I want to implement DKIM with the SMG. So I try to get the outbound mails to go through the SMG. But when I use do that I get a TLS error on the GWIA:

19:59:41 84FC DMN: MSG 3194551 Attempting to connect to <smg ip>
19:59:41 84FC DMN: MSG 3194551 Connected to [smg ip] (smg ip)
19:59:41 84FC DMN: MSG 3194551 SMTP STARTTLS failure (8922)
19:59:42 84FC DMN: MSG 3194551 Send Failure: 500 Command out of sequence

on the smg I see this:

STARTTLS
[139985231525632] 2019-11-14 20:00:01 (SMTP)<3545> [g->c] 220 Ready to start TLS
[139985231525632] 2019-11-14 20:00:01 (SMTP)<3545> TLS negotiation failed: SSL: (-1) accept fail protocol error : error:00000001:lib(0):func(0):reason(1) : undefined reason
[139985231525632] 2019-11-14 20:00:02 (SMTP)<3545> [c->g] EHLO mail.meerdaneen.nl
[139985231525632] 2019-11-14 20:00:02 (SMTP)<3545> [g->c] 500 Command out of sequence
[139985231525632] 2019-11-14 20:00:02 (SMTP)<3545> [c->g] HELO mail.meerdaneen.nl
[139985231525632] 2019-11-14 20:00:02 (SMTP)<3545> [g->c] 500 Command out of sequence
[139985231525632] 2019-11-14 20:00:02 (SMTP)<3545> [c->g] Receive Error: SOCKET: Peer disconnected during data receive
[139985231525632] 2019-11-14 20:00:02 (SMTP)<3545> Processing complete for connection from 10.0.0.211
[139985231525632] 2019-11-14 20:00:02 (SMTP)<3545> SMTP client connection finished processing (client count 0)

 

Can anyone help me with this? What can be the reason of this tls failure?

0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: TLS fails on outgoing mail

I have seen this with some mailers lately. For whatever reason do they fail the certificate check and you get:

SMTP STARTTLS failure (8922)

Thing is that some handle this in a sensible manner, ie:

SMTP STARTTLS failure, continuing non encrypted

 Why they barf I do not know, but do you have a self-signed certificate?

0 Likes
JvdMeij Respected Contributor.
Respected Contributor.

Re: TLS fails on outgoing mail

Yes, I did not have an official certificate on both the GWIA and the SMG.

I now have. Both on the GWIA, the HTTPS interface of the SMG and on the SSL settings of the SMG.

The previous error has gone. But now I get on the GWIA this:

15:51:05 FC66 MSG 3202762 Response: 250 Sender accepted
15:51:05 FC66 MSG 3202762 Detected error on SMTP command
15:51:05 FC66 MSG 3202762 Command: RCPT TO:<xxxxxx@gmail.com>
15:51:05 FC66 MSG 3202762 Response: 450 Requested mail action not taken
15:51:05 FC66 MSG 3202762 Command: DATA
15:51:05 FC66 MSG 3202762 Response: 221 Service closing transmission channel
15:51:05 FC66 MSG 3202762 Detected error on SMTP command
15:51:05 FC66 MSG 3202762 Command: Data...
15:51:05 FC66 MSG 3202762 Response: 450 Host down (gwavahost.mydomain.nl)

-------------------------

The SMG smtp interface says:

[139804985509632] 2019-12-05 15:48:18 (SMTP)<15> [g->s] MAIL FROM:<xxxxxx@meerdaneen.nl>
[139804985509632] 2019-12-05 15:48:18 (SMTP)<15> [s->g] 250 2.1.0 OK y12si8768989pfe.138 - gsmtp
[139804985509632] 2019-12-05 15:48:18 (SMTP)<15> [g->s] RCPT TO:<xxxxxxx@gmail.com>
[139804958209792] 2019-12-05 15:48:59 (SMTP)<16> [s->g] Receive Error: SOCKET: Connection timeout during read operation
[139804958209792] 2019-12-05 15:48:59 (SRVS)<16> Computed SMTP host alt2.gmail-smtp-in.l.google.com
[139804958209792] 2019-12-05 15:48:59 (SRVS)<16> Connecting to SMTP host at alt2.gmail-smtp-in.l.google.com
[139804958209792] 2019-12-05 15:48:59 (SRVS)<16> Connection established with SMTP host alt2.gmail-smtp-in.l.google.com [108.177.97.26] [108.177.97.26] <fd:13>
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [s->g] 220 mx.google.com ESMTP z4si43908pjp.34 - gsmtp
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [g->s] EHLO mail.meerdaneen.nl
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [s->g] 250-mx.google.com at your service, [95.211.113.198]
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [s->g] 250-SIZE 157286400
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [s->g] 250-8BITMIME
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [s->g] 250-STARTTLS
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [s->g] 250-ENHANCEDSTATUSCODES
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [s->g] 250-PIPELINING
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [s->g] 250-CHUNKING
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [s->g] 250 SMTPUTF8
[139804958209792] 2019-12-05 15:49:00 (SMTP)<16> [g->s] MAIL FROM:<xxxxxxx@meerdaneen.nl>
[139804985509632] 2019-12-05 15:49:18 (SMTP)<15> [s->g] Receive Error: SOCKET: Connection timeout during read operation
[139804985509632] 2019-12-05 15:49:18 (SMTP)<15> [g->c] 450 Requested mail action not taken

I tried to raise the connection time-out on the SMG from 15 to 25. But no result....

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.