Re: [qmailtoaster] notlshosts

2017-04-04 Thread Eric Broch

Rajesh,

Do you think the remote servers require a certificate signed by a 
certificate authority (rather than self-signed)? I had to get one so 
that some client's phones could connect to my qmailtoasters.


Eric


On 4/4/2017 9:16 PM, Rajesh M wrote:

hi

i am getting problems sending emails to specific domains

i wish to enable notlshosts for such domain

saw the wiki but not much use
http://wiki.qmailtoaster.com/index.php/Notlshosts/FQDN

saw a few examples in qmail forum but am not clear on the instructions.

i require the detailed steps please.

thanks
rajesh




-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)



Re: [qmailtoaster] notlshosts

2017-04-04 Thread Eric Broch
Good documentation here as well 
https://talk.plesk.com/threads/plesk-12-odin-script-to-disable-sslv3-problems.333574/



On 4/4/2017 9:16 PM, Rajesh M wrote:

hi

i am getting problems sending emails to specific domains

i wish to enable notlshosts for such domain

saw the wiki but not much use
http://wiki.qmailtoaster.com/index.php/Notlshosts/FQDN

saw a few examples in qmail forum but am not clear on the instructions.

i require the detailed steps please.

thanks
rajesh






--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)



Re: [qmailtoaster] notlshosts

2017-04-04 Thread Eric Broch

Rajesh,

Sorry, I seem to be stumped as to why encrypted email is not received 
by those domains. Are there contacts at any of the offending domains 
that might be able to help you resolve this?


Anyway...to your question:

I don't see any thorough documentation, but here is where qmailtoaster's 
qmail-remote tls patch comes from, and a plesk example based on the 
qmailtoaster wiki. Also it looks like the best documentation here.


It looks like you'll need to create the directory 
/var/qmail/control/notlshosts and touch the file for the domain(s) for 
which you do not want tls connection.


So:

# cd /var/qmail/control

# mkdir notlshosts

# chown root:qmail notlshosts

# chmod 755 notlshosts

# touch notlshosts/mx.somedomain.tld

# chown root:qmail notlshosts/mx.somedomain.tld

# chmod 644 notlshosts/mx.somedomain.tld

Where 'mx.somedomain.tld' is the domain that receives plaintext email.

You may have to play with permissions, I'm not sure.

Eric


On 4/4/2017 9:16 PM, Rajesh M wrote:

hi

i am getting problems sending emails to specific domains

i wish to enable notlshosts for such domain

saw the wiki but not much use
http://wiki.qmailtoaster.com/index.php/Notlshosts/FQDN

saw a few examples in qmail forum but am not clear on the instructions.

i require the detailed steps please.

thanks
rajesh






--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
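
The steps in the message above, wrapped in a script with an audit pass, since every file under notlshosts means mail to that MX goes out in plaintext. This is an added example, not part of the original message or of qmailtoaster; the function names and the NOTLS_DIR variable are assumptions, and entries are assumed to be named after the remote MX host as in the thread's mx.somedomain.tld.

```shell
#!/bin/sh
# Added example (not from the thread): manage and audit qmail-remote TLS exemptions.
# Default path is the one given in the thread; override NOTLS_DIR for a dry run.
NOTLS_DIR="${NOTLS_DIR:-/var/qmail/control/notlshosts}"

# is_fqdn NAME: accept only dotted host names (letters, digits, hyphens, dots).
# Rejects path separators, so a name can never escape NOTLS_DIR.
is_fqdn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# notls_add HOST: create the marker file with the modes used in the thread.
notls_add() {
    is_fqdn "$1" || { echo "refusing invalid host name: $1" >&2; return 1; }
    mkdir -p "$NOTLS_DIR" || return 1
    chmod 755 "$NOTLS_DIR" || return 1
    touch "$NOTLS_DIR/$1" || return 1
    chmod 644 "$NOTLS_DIR/$1" || return 1
    # Ownership from the thread; only possible as root on a host with a qmail group.
    if [ "$(id -u)" -eq 0 ] && grep -q '^qmail:' /etc/group 2>/dev/null; then
        chown root:qmail "$NOTLS_DIR" "$NOTLS_DIR/$1" || return 1
    fi
    return 0
}

# loosely_writable PATH: true if group or others can write to PATH.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# notls_audit: list every exemption and count problems in NOTLS_FINDINGS.
# Returns 0 when there are no findings, 1 otherwise.
notls_audit() {
    NOTLS_FINDINGS=0
    [ -d "$NOTLS_DIR" ] || { echo "no exemptions: $NOTLS_DIR does not exist"; return 0; }
    if loosely_writable "$NOTLS_DIR"; then
        echo "FINDING   $NOTLS_DIR is group/world writable"
        NOTLS_FINDINGS=$((NOTLS_FINDINGS + 1))
    fi
    for f in "$NOTLS_DIR"/* "$NOTLS_DIR"/.[!.]*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        if ! is_fqdn "$name"; then
            echo "FINDING   $name is not a host name (stray or mistyped entry)"
            NOTLS_FINDINGS=$((NOTLS_FINDINGS + 1))
        elif loosely_writable "$f"; then
            echo "FINDING   $name is group/world writable"
            NOTLS_FINDINGS=$((NOTLS_FINDINGS + 1))
        else
            echo "PLAINTEXT $name (no TLS attempted for this MX)"
        fi
    done
    [ "$NOTLS_FINDINGS" -eq 0 ]
}
```

Source the file as root, run `notls_add mx.somedomain.tld`, then `notls_audit` to review which hosts are exempted from TLS.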



[qmailtoaster] notlshosts

2017-04-04 Thread Rajesh M
hi

i am getting problems sending emails to specific domains

i wish to enable notlshosts for such domain

saw the wiki but not much use
http://wiki.qmailtoaster.com/index.php/Notlshosts/FQDN

saw a few examples in qmail forum but am not clear on the instructions.

i require the detailed steps please.

thanks
rajesh



Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Rajesh M
eric

that is what i did.
first stop, wait for a minute and then start.

rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 08:35:13 -0600
Subject:

There is a difference between restart and stop/start. Try a stop/start.


On 4/4/2017 8:33 AM, Rajesh M wrote:
> eric
>
> yes, i restarted qmail.
>
> rajesh
>
> - Original Message -
> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
> To: qmailtoaster-list@qmailtoaster.com
> Sent: Tue, 4 Apr 2017 06:14:59 -0600
> Subject:
>
> Rajesh,
>
> Did you (restart)
>
> # qmailctl restart
>
> or
>
> (stop/start)
>
> # qmailctl stop
>
> # qmailctl start
>
> ?
>
> Eric
>
>
> On 4/4/2017 12:13 AM, Rajesh M wrote:
>> eric
>>
>> here are the details
>>
>> [root@ns1 control]# openssl version
>> OpenSSL 1.0.1e-fips 11 Feb 2013
>>
>> [root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 
>> -cipher "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
>> CONNECTED(0003)
>> read from 0x1777e10 [0x17b9ae0] (4096 bytes => 75 (0x4B))
>>  - 32 32 30 20 6d 74 61 31-31 2e 65 6d 61 73 2e 64   220 mta11.emas.d
>> 0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 45 53   bschenker.com ES
>> 0020 - 4d 54 50 20 53 6d 74 70-64 3b 20 54 75 65 2c 20   MTP Smtpd; Tue,
>> 0030 - 34 20 41 70 72 20 32 30-31 37 20 30 38 3a 31 32   4 Apr 2017 08:12
>> 0040 - 3a 33 30 20 2b 30 32 30-30 0d 0a  :30 +0200..
>> write to 0x1777e10 [0x17baaf0] (25 bytes => 25 (0x19))
>>  - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69   EHLO openssl.cli
>> 0010 - 65 6e 74 2e 6e 65 74 0d-0aent.net..
>> read from 0x1777e10 [0x17b9ae0] (4096 bytes => 230 (0xE6))
>>  - 32 35 30 2d 6d 74 61 31-31 2e 65 6d 61 73 2e 64   250-mta11.emas.d
>> 0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 48 65   bschenker.com He
>> 0020 - 6c 6c 6f 20 6e 73 31 2e-61 61 61 6f 6e 6c 69 6e   llo ns1.aaaonlin
>> 0030 - 75 78 2e 63 6f 6d 20 5b-31 30 33 2e 32 34 31 2e   ux.com [103.241.
>> 0040 - 31 38 31 2e 31 33 37 5d-2c 20 70 6c 65 61 73 65   181.137], please
>> 0050 - 64 20 74 6f 20 6d 65 65-74 20 79 6f 75 0d 0a 32   d to meet you..2
>> 0060 - 35 30 2d 45 4e 48 41 4e-43 45 44 53 54 41 54 55   50-ENHANCEDSTATU
>> 0070 - 53 43 4f 44 45 53 0d 0a-32 35 30 2d 50 49 50 45   SCODES..250-PIPE
>> 0080 - 4c 49 4e 49 4e 47 0d 0a-32 35 30 2d 38 42 49 54   LINING..250-8BIT
>> 0090 - 4d 49 4d 45 0d 0a 32 35-30 2d 53 49 5a 45 20 32   MIME..250-SIZE 2
>> 00a0 - 36 32 31 34 34 30 30 0d-0a 32 35 30 2d 41 55 54   6214400..250-AUT
>> 00b0 - 48 20 4c 4f 47 49 4e 20-50 4c 41 49 4e 0d 0a 32   H LOGIN PLAIN..2
>> 00c0 - 35 30 2d 53 54 41 52 54-54 4c 53 0d 0a 32 35 30   50-STARTTLS..250
>> 00d0 - 2d 44 45 4c 49 56 45 52-42 59 0d 0a 32 35 30 20   -DELIVERBY..250
>> 00e0 - 48 45 4c 50 0d 0a HELP..
>> write to 0x1777e10 [0x7ffd0b0c4880] (10 bytes => 10 (0xA))
>>  - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS..
>> read from 0x1777e10 [0x16aad00] (8192 bytes => 30 (0x1E))
>>  - 32 32 30 20 32 2e 30 2e-30 20 52 65 61 64 79 20   220 2.0.0 Ready
>> 0010 - 74 6f 20 73 74 61 72 74-20 54 4c 53 0d 0a to start TLS..
>> write to 0x1777e10 [0x17b9ae0] (99 bytes => 99 (0x63))
>>  - 16 03 01 00 5e 01 00 00-5a 03 03 58 e3 38 52 5c   ^...Z..X.8R\
>> 0010 - d3 37 8b 23 86 92 e6 63-2f e7 dd f9 ed 42 df 2b   .7.#...c/B.+
>> 0020 - 45 51 06 1e f2 f3 38 b1-36 c7 d4 00 00 04 00 35   EQ8.6..5
>> 0030 - 00 ff 01 00 00 2d 00 23-00 00 00 0d 00 20 00 1e   .-.#. ..
>> 0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02   
>> 0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f   
>> 0060 - 00 01 01  ...
>> >>> TLS 1.2 Handshake [length 005e], ClientHello
>>   01 00 00 5a 03 03 58 e3 38 52 5c d3 37 8b 23 86
>>   92 e6 63 2f e7 dd f9 ed 42 df 2b 45 51 06 1e f2
>>   f3 38 b1 36 c7 d4 00 00 04 00 35 00 ff 01 00 00
>>   2d 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06
>>   03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03
>>   02 03 03 02 01 02 02 02 03 00 0f 00 01 01
>>
>>
>> thank you,
>> rajesh
>>
>> - Original Message -
>> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
>> To: qmailtoaster-list@qmailtoaster.com
>> Sent: Tue, 4 Apr 2017 00:09:04 -0600
>> Subject:
>>
>> Also run command with -debug and -msg options in red below.
>>
>> # openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
>> "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
>>
>>
>> On 4/4/2017 12:03 AM, Eric Broch wrote:
>>> Rajesh,
>>>
>>> Please disregard my last question (Does it connect and get full cert
>>> details if you use IP address?).
>>>
>>> "here too, the issue is server side. My mail server is not able to
>>> connect to the mail server of hpe.com and send the emails of my clients"
>>>
>>> Your server is acting as a client in

Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Eric Broch

There is a difference between restart and stop/start. Try a stop/start.


On 4/4/2017 8:33 AM, Rajesh M wrote:

eric

yes, i restarted qmail.

rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 06:14:59 -0600
Subject:

Rajesh,

Did you (restart)

# qmailctl restart

or

(stop/start)

# qmailctl stop

# qmailctl start

?

Eric


On 4/4/2017 12:13 AM, Rajesh M wrote:

eric

here are the details

[root@ns1 control]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25


thank you,
rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 00:09:04 -0600
Subject:

Also run command with -debug and -msg options in red below.

# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25


On 4/4/2017 12:03 AM, Eric Broch wrote:

Rajesh,

Please disregard my last question (Does it connect and get full cert
details if you use IP address?).

"here too, the issue is server side. My mail server is not able to
connect to the mail server of hpe.com and send the emails of my clients"

Your server is acting as a client in this case by initiating a TLS
connection to the domains in question...to deliver mail, correct? Do
you have settings in one of your control files to initiate TLS
connections with certain domains?

"openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -connect mx01.emas.dbschenker.com:25"

This command works from my COS6 and COS7 hosts. So I don't think it's
on their end.

which openssl version are you running?

Eric




Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Rajesh M
eric

yes, i restarted qmail.

rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 06:14:59 -0600
Subject:

Rajesh,

Did you (restart)

# qmailctl restart

or

(stop/start)

# qmailctl stop

# qmailctl start

?

Eric


On 4/4/2017 12:13 AM, Rajesh M wrote:
> eric
>
> here are the details
>
> [root@ns1 control]# openssl version
> OpenSSL 1.0.1e-fips 11 Feb 2013
>
> [root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 
> -cipher "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
>
>
> thank you,
> rajesh
>
> - Original Message -
> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
> To: qmailtoaster-list@qmailtoaster.com
> Sent: Tue, 4 Apr 2017 00:09:04 -0600
> Subject:
>
> Also run command with -debug and -msg options in red below.
>
> # openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
> "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
>
>
> On 4/4/2017 12:03 AM, Eric Broch wrote:
>> Rajesh,
>>
>> Please disregard my last question (Does it connect and get full cert
>> details if you use IP address?).
>>
>> "here too, the issue is server side. My mail server is not able to
>> connect to the mail server of hpe.com and send the emails of my clients"
>>
>> Your server is acting as a client in this case by initiating a TLS
>> connection to the domains in question...to deliver mail, correct? Do
>> you have settings in one of your control files to initiate TLS
>> connections with certain domains?
>>
>> "openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher
>> "AES256-SHA" -connect mx01.emas.dbschenker.com:25"
>>
>> This command works from my COS6 and COS7 hosts. So I don't think it's
>> on their end.
>>
>> which openssl version are you running?
>>
>> Eric
>>
>
>

Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Eric Broch

Rajesh,

Did you (restart)

# qmailctl restart

or

(stop/start)

# qmailctl stop

# qmailctl start

?

Eric


On 4/4/2017 12:13 AM, Rajesh M wrote:

eric

here are the details

[root@ns1 control]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25


thank you,
rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 00:09:04 -0600
Subject:

Also run command with -debug and -msg options in red below.

# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25


On 4/4/2017 12:03 AM, Eric Broch wrote:

Rajesh,

Please disregard my last question (Does it connect and get full cert
details if you use IP address?).

"here too, the issue is server side. My mail server is not able to
connect to the mail server of hpe.com and send the emails of my clients"

Your server is acting as a client in this case by initiating a TLS
connection to the domains in question...to deliver mail, correct? Do
you have settings in one of your control files to initiate TLS
connections with certain domains?

"openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -connect mx01.emas.dbschenker.com:25"

This command works from my COS6 and COS7 hosts. So I don't think it's
on their end.

which openssl version are you running?

Eric






--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)