On Thu, Apr 30, 2015 at 09:25:48AM +0300, Birta Levente wrote:
> >Perhaps some sort of middle-box is interfering with TLS on your
> >end. Also, what version of OpenSSL are you using?
Well "your end" can be anywhere between you and the Microsoft email
hosting mail servers.
> I make a test on another server which is in totally other location, other
> city, other ISP, but same OS, openssl and postfix.3.1.20150421
Can we rule out "Great Firewall of China"-style nation level
middleboxes?
> Apr 30 08:55:06 srv2 postfix/smtp[4367]: SSL_connect error to
> irs-ro.mail.eo.outlook.com[213.199.154.87]:25: lost connection
> Apr 30 08:55:06 srv2 postfix/smtp[4367]: 3lcmBx5stxz7wX4:
> Cannot start TLS: handshake failure
> Apr 30 08:55:06 srv2 postfix/smtp[4367]:
> SSL_connect error to irs-ro.mail.eo.outlook.com[213.199.154.23]:25:
> lost connection
I have no problem connecting to this host with default settings.
> Apr 29 15:04:46 srv1 postfix/smtp[5398]: Untrusted TLS connection
> established to mx4.hotmail.com[65.55.33.119]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-SHA384 (256/256 bits)
Hotmail.com is completely separate infrastructure. You'd need to
find other domains with a "<mumble>.mail.*.outlook.com" mailhost.
A somewhat more similar domain to test is "microsoft.com"
$ dig +short -t mx microsoft.com
10 microsoft-com.mail.protection.outlook.com.
Have you tried "swaks"? Or
openssl s_client -starttls smtp -connect irs-ro.mail.eo.outlook.com:25
--
Viktor.
