On Thu, Apr 30, 2015 at 09:25:48AM +0300, Birta Levente wrote: > >Perhaps some sort of middle-box is interfering with TLS on your > >end. Also, what version of OpenSSL are you using?
Well "your end" can be anywhere between you and the Microsoft email hosting mail servers. > I make a test on another server which is in totally other location, other > city, other ISP, but same OS, openssl and postfix.3.1.20150421 Can we rule out "Great Firewall of China"-style nation level middleboxes? > Apr 30 08:55:06 srv2 postfix/smtp[4367]: SSL_connect error to > irs-ro.mail.eo.outlook.com[213.199.154.87]:25: lost connection > Apr 30 08:55:06 srv2 postfix/smtp[4367]: 3lcmBx5stxz7wX4: > Cannot start TLS: handshake failure > Apr 30 08:55:06 srv2 postfix/smtp[4367]: > SSL_connect error to irs-ro.mail.eo.outlook.com[213.199.154.23]:25: > lost connection I have no problem connecting to this host with default settings. > Apr 29 15:04:46 srv1 postfix/smtp[5398]: Untrusted TLS connection > established to mx4.hotmail.com[65.55.33.119]:25: TLSv1.2 with cipher > ECDHE-RSA-AES256-SHA384 (256/256 bits) Hotmail.com is completely separate infrastructure. You'd need to find other domains with a "<mumble>.mail.*.outlook.com" mailhost. A somewhat more similar domain to test is "microsoft.com" $ dig +short -t mx microsoft.com 10 microsoft-com.mail.protection.outlook.com. Have you tried "swaks"? Or openssl s_client -starttls smtp -connect irs-ro.mail.eo.outlook.com:25 -- Viktor.