Re: [qmailtoaster] TLS connect failed: timed out

Rajesh M Mon, 03 Apr 2017 23:14:32 -0700

eric

here are the details


[root@ns1 control]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
CONNECTED(00000003)
read from 0x1777e10 [0x17b9ae0] (4096 bytes => 75 (0x4B))
0000 - 32 32 30 20 6d 74 61 31-31 2e 65 6d 61 73 2e 64   220 mta11.emas.d
0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 45 53   bschenker.com ES
0020 - 4d 54 50 20 53 6d 74 70-64 3b 20 54 75 65 2c 20   MTP Smtpd; Tue,
0030 - 34 20 41 70 72 20 32 30-31 37 20 30 38 3a 31 32   4 Apr 2017 08:12
0040 - 3a 33 30 20 2b 30 32 30-30 0d 0a                  :30 +0200..
write to 0x1777e10 [0x17baaf0] (25 bytes => 25 (0x19))
0000 - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69   EHLO openssl.cli
0010 - 65 6e 74 2e 6e 65 74 0d-0a                        ent.net..
read from 0x1777e10 [0x17b9ae0] (4096 bytes => 230 (0xE6))
0000 - 32 35 30 2d 6d 74 61 31-31 2e 65 6d 61 73 2e 64   250-mta11.emas.d
0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 48 65   bschenker.com He
0020 - 6c 6c 6f 20 6e 73 31 2e-61 61 61 6f 6e 6c 69 6e   llo ns1.aaaonlin
0030 - 75 78 2e 63 6f 6d 20 5b-31 30 33 2e 32 34 31 2e   ux.com [103.241.
0040 - 31 38 31 2e 31 33 37 5d-2c 20 70 6c 65 61 73 65   181.137], please
0050 - 64 20 74 6f 20 6d 65 65-74 20 79 6f 75 0d 0a 32   d to meet you..2
0060 - 35 30 2d 45 4e 48 41 4e-43 45 44 53 54 41 54 55   50-ENHANCEDSTATU
0070 - 53 43 4f 44 45 53 0d 0a-32 35 30 2d 50 49 50 45   SCODES..250-PIPE
0080 - 4c 49 4e 49 4e 47 0d 0a-32 35 30 2d 38 42 49 54   LINING..250-8BIT
0090 - 4d 49 4d 45 0d 0a 32 35-30 2d 53 49 5a 45 20 32   MIME..250-SIZE 2
00a0 - 36 32 31 34 34 30 30 0d-0a 32 35 30 2d 41 55 54   6214400..250-AUT
00b0 - 48 20 4c 4f 47 49 4e 20-50 4c 41 49 4e 0d 0a 32   H LOGIN PLAIN..2
00c0 - 35 30 2d 53 54 41 52 54-54 4c 53 0d 0a 32 35 30   50-STARTTLS..250
00d0 - 2d 44 45 4c 49 56 45 52-42 59 0d 0a 32 35 30 20   -DELIVERBY..250
00e0 - 48 45 4c 50 0d 0a                                 HELP..
write to 0x1777e10 [0x7ffd0b0c4880] (10 bytes => 10 (0xA))
0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 0x1777e10 [0x16aad00] (8192 bytes => 30 (0x1E))
0000 - 32 32 30 20 32 2e 30 2e-30 20 52 65 61 64 79 20   220 2.0.0 Ready
0010 - 74 6f 20 73 74 61 72 74-20 54 4c 53 0d 0a         to start TLS..
write to 0x1777e10 [0x17b9ae0] (99 bytes => 99 (0x63))
0000 - 16 03 01 00 5e 01 00 00-5a 03 03 58 e3 38 52 5c   ....^...Z..X.8R\
0010 - d3 37 8b 23 86 92 e6 63-2f e7 dd f9 ed 42 df 2b   .7.#...c/....B.+
0020 - 45 51 06 1e f2 f3 38 b1-36 c7 d4 00 00 04 00 35   EQ....8.6......5
0030 - 00 ff 01 00 00 2d 00 23-00 00 00 0d 00 20 00 1e   .....-.#..... ..
0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02   ................
0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f   ................
0060 - 00 01 01                                          ...
>>> TLS 1.2 Handshake [length 005e], ClientHello
    01 00 00 5a 03 03 58 e3 38 52 5c d3 37 8b 23 86
    92 e6 63 2f e7 dd f9 ed 42 df 2b 45 51 06 1e f2
    f3 38 b1 36 c7 d4 00 00 04 00 35 00 ff 01 00 00
    2d 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06
    03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03
    02 03 03 02 01 02 02 02 03 00 0f 00 01 01


thank you,
rajesh

----- Original Message -----
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 00:09:04 -0600
Subject:

Also run command with -debug and -msg options in red below.

# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25


On 4/4/2017 12:03 AM, Eric Broch wrote:
> Rajesh,
>
> Please disregard my last question (Does it connect and get full cert
> details if you use IP address?).
>
> "here too, the issue is server side. My mail server is not able to
> connect to the mail server of hpe.com and send the emails of my clients"
>
> Your server is acting as a client in this case by initiating a TLS
> connection to the domains in question...to deliver mail, correct? Do
> you have settings in one of your control files to initiate TLS
> connections with certain domains?
>
> "openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher
> "AES256-SHA" -connect mx01.emas.dbschenker.com:25"
>
> This command works from my COS6 and COS7 hosts. So I don't think it's
> on their end.
>
> which openssl version are you running?
>
> Eric
>

--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)

---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] TLS connect failed: timed out

Reply via email to