Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Rajesh M
eric

that is what i did.
first stop, wait for a minute and then start.

rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 08:35:13 -0600
Subject:

There is a difference between restart and stop/start. Try a stop/start.


On 4/4/2017 8:33 AM, Rajesh M wrote:
> eric
>
> yes, i restarted qmail.
>
> rajesh
>
> - Original Message -
> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
> To: qmailtoaster-list@qmailtoaster.com
> Sent: Tue, 4 Apr 2017 06:14:59 -0600
> Subject:
>
> Rajesh,
>
> Did you (restart)
>
> # qmailctl restart
>
> or
>
> (stop/start)
>
> # qmailctl stop
>
> # qmailctl start
>
> ?
>
> Eric
>
>
> On 4/4/2017 12:13 AM, Rajesh M wrote:
>> eric
>>
>> here are the details
>>
>> [root@ns1 control]# openssl version
>> OpenSSL 1.0.1e-fips 11 Feb 2013
>>
>> [root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 
>> -cipher "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
>> CONNECTED(0003)
>>
>>
>> thank you,
>> rajesh
>>
>> - Original Message -
>> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
>> To: qmailtoaster-list@qmailtoaster.com
>> Sent: Tue, 4 Apr 2017 00:09:04 -0600
>> Subject:
>>
>> Also run command with -debug and -msg options in red below.
>>
>> # openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
>> "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
>>
>>
>> On 4/4/2017 12:03 AM, Eric Broch wrote:
>>> Rajesh,
>>>
>>> Please disregard my last question (Does it connect and get full cert
>>> details if you use IP address?).
>>>
>>> "here too, the issue is server side. My mail server is not able to
>>> connect to the mail server of hpe.com and send the emails of my clients"
>>>
>>> Your server is acting as a client 

Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Eric Broch

There is a difference between restart and stop/start. Try a stop/start.


On 4/4/2017 8:33 AM, Rajesh M wrote:

eric

yes, i restarted qmail.

rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 06:14:59 -0600
Subject:

Rajesh,

Did you (restart)

# qmailctl restart

or

(stop/start)

# qmailctl stop

# qmailctl start

?

Eric


On 4/4/2017 12:13 AM, Rajesh M wrote:

eric

here are the details

[root@ns1 control]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
CONNECTED(0003)


thank you,
rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 00:09:04 -0600
Subject:

Also run command with -debug and -msg options in red below.

# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25


On 4/4/2017 12:03 AM, Eric Broch wrote:

Rajesh,

Please disregard my last question (Does it connect and get full cert
details if you use IP address?).

"here too, the issue is server side. My mail server is not able to
connect to the mail server of hpe.com and send the emails of my clients"

Your server is acting as a client in this case by initiating a TLS
connection to the domains in question...to deliver mail, correct? Do
you have settings in one of your control files to initiate TLS
connections with certain domains?

"openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -connect mx01.emas.dbschenker.com:25"

This command works from my COS6 and COS7 hosts. So I don't think it's
on their end.

which openssl version are you running?

Eric




Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Rajesh M
eric

yes, i restarted qmail.

rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 06:14:59 -0600
Subject:

Rajesh,

Did you (restart)

# qmailctl restart

or

(stop/start)

# qmailctl stop

# qmailctl start

?

Eric


On 4/4/2017 12:13 AM, Rajesh M wrote:
> eric
>
> here are the details
>
> [root@ns1 control]# openssl version
> OpenSSL 1.0.1e-fips 11 Feb 2013
>
> [root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 
> -cipher "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
> CONNECTED(0003)
>
>
> thank you,
> rajesh
>
> - Original Message -
> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
> To: qmailtoaster-list@qmailtoaster.com
> Sent: Tue, 4 Apr 2017 00:09:04 -0600
> Subject:
>
> Also run command with -debug and -msg options in red below.
>
> # openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
> "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
>
>
> On 4/4/2017 12:03 AM, Eric Broch wrote:
>> Rajesh,
>>
>> Please disregard my last question (Does it connect and get full cert
>> details if you use IP address?).
>>
>> "here too, the issue is server side. My mail server is not able to
>> connect to the mail server of hpe.com and send the emails of my clients"
>>
>> Your server is acting as a client in this case by initiating a TLS
>> connection to the domains in question...to deliver mail, correct? Do
>> you have settings in one of your control files to initiate TLS
>> connections with certain domains?
>>
>> "openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher
>> "AES256-SHA" -connect mx01.emas.dbschenker.com:25"
>>
>> This command works from my COS6 and COS7 hosts. So I don't think it's
>> on their end.
>>
>> which openssl version are you running?
>>
>> Eric
>>
>
>
> 

Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Eric Broch

Rajesh,

Did you (restart)

# qmailctl restart

or

(stop/start)

# qmailctl stop

# qmailctl start

?

Eric


On 4/4/2017 12:13 AM, Rajesh M wrote:

eric

here are the details

[root@ns1 control]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
CONNECTED(0003)


thank you,
rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 00:09:04 -0600
Subject:

Also run command with -debug and -msg options in red below.

# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25


On 4/4/2017 12:03 AM, Eric Broch wrote:

Rajesh,

Please disregard my last question (Does it connect and get full cert
details if you use IP address?).

"here too, the issue is server side. My mail server is not able to
connect to the mail server of hpe.com and send the emails of my clients"

Your server is acting as a client in this case by initiating a TLS
connection to the domains in question...to deliver mail, correct? Do
you have settings in one of your control files to initiate TLS
connections with certain domains?

"openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -connect mx01.emas.dbschenker.com:25"

This command works from my COS6 and COS7 hosts. So I don't think it's
on their end.

which openssl version are you running?

Eric






--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)



Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Rajesh M
eric

here are the details

[root@ns1 control]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25
CONNECTED(0003)
read from 0x1777e10 [0x17b9ae0] (4096 bytes => 75 (0x4B))
 - 32 32 30 20 6d 74 61 31-31 2e 65 6d 61 73 2e 64   220 mta11.emas.d
0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 45 53   bschenker.com ES
0020 - 4d 54 50 20 53 6d 74 70-64 3b 20 54 75 65 2c 20   MTP Smtpd; Tue,
0030 - 34 20 41 70 72 20 32 30-31 37 20 30 38 3a 31 32   4 Apr 2017 08:12
0040 - 3a 33 30 20 2b 30 32 30-30 0d 0a  :30 +0200..
write to 0x1777e10 [0x17baaf0] (25 bytes => 25 (0x19))
 - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69   EHLO openssl.cli
0010 - 65 6e 74 2e 6e 65 74 0d-0aent.net..
read from 0x1777e10 [0x17b9ae0] (4096 bytes => 230 (0xE6))
 - 32 35 30 2d 6d 74 61 31-31 2e 65 6d 61 73 2e 64   250-mta11.emas.d
0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 48 65   bschenker.com He
0020 - 6c 6c 6f 20 6e 73 31 2e-61 61 61 6f 6e 6c 69 6e   llo ns1.aaaonlin
0030 - 75 78 2e 63 6f 6d 20 5b-31 30 33 2e 32 34 31 2e   ux.com [103.241.
0040 - 31 38 31 2e 31 33 37 5d-2c 20 70 6c 65 61 73 65   181.137], please
0050 - 64 20 74 6f 20 6d 65 65-74 20 79 6f 75 0d 0a 32   d to meet you..2
0060 - 35 30 2d 45 4e 48 41 4e-43 45 44 53 54 41 54 55   50-ENHANCEDSTATU
0070 - 53 43 4f 44 45 53 0d 0a-32 35 30 2d 50 49 50 45   SCODES..250-PIPE
0080 - 4c 49 4e 49 4e 47 0d 0a-32 35 30 2d 38 42 49 54   LINING..250-8BIT
0090 - 4d 49 4d 45 0d 0a 32 35-30 2d 53 49 5a 45 20 32   MIME..250-SIZE 2
00a0 - 36 32 31 34 34 30 30 0d-0a 32 35 30 2d 41 55 54   6214400..250-AUT
00b0 - 48 20 4c 4f 47 49 4e 20-50 4c 41 49 4e 0d 0a 32   H LOGIN PLAIN..2
00c0 - 35 30 2d 53 54 41 52 54-54 4c 53 0d 0a 32 35 30   50-STARTTLS..250
00d0 - 2d 44 45 4c 49 56 45 52-42 59 0d 0a 32 35 30 20   -DELIVERBY..250
00e0 - 48 45 4c 50 0d 0a HELP..
write to 0x1777e10 [0x7ffd0b0c4880] (10 bytes => 10 (0xA))
 - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS..
read from 0x1777e10 [0x16aad00] (8192 bytes => 30 (0x1E))
 - 32 32 30 20 32 2e 30 2e-30 20 52 65 61 64 79 20   220 2.0.0 Ready
0010 - 74 6f 20 73 74 61 72 74-20 54 4c 53 0d 0a to start TLS..
write to 0x1777e10 [0x17b9ae0] (99 bytes => 99 (0x63))
 - 16 03 01 00 5e 01 00 00-5a 03 03 58 e3 38 52 5c   ^...Z..X.8R\
0010 - d3 37 8b 23 86 92 e6 63-2f e7 dd f9 ed 42 df 2b   .7.#...c/B.+
0020 - 45 51 06 1e f2 f3 38 b1-36 c7 d4 00 00 04 00 35   EQ8.6..5
0030 - 00 ff 01 00 00 2d 00 23-00 00 00 0d 00 20 00 1e   .-.#. ..
0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02   
0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f   
0060 - 00 01 01  ...
>>> TLS 1.2 Handshake [length 005e], ClientHello
01 00 00 5a 03 03 58 e3 38 52 5c d3 37 8b 23 86
92 e6 63 2f e7 dd f9 ed 42 df 2b 45 51 06 1e f2
f3 38 b1 36 c7 d4 00 00 04 00 35 00 ff 01 00 00
2d 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06
03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03
02 03 03 02 01 02 02 02 03 00 0f 00 01 01


thank you,
rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 4 Apr 2017 00:09:04 -0600
Subject:

Also run command with -debug and -msg options in red below.

# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25


On 4/4/2017 12:03 AM, Eric Broch wrote:
> Rajesh,
>
> Please disregard my last question (Does it connect and get full cert
> details if you use IP address?).
>
> "here too, the issue is server side. My mail server is not able to
> connect to the mail server of hpe.com and send the emails of my clients"
>
> Your server is acting as a client in this case by initiating a TLS
> connection to the domains in question...to deliver mail, correct? Do
> you have settings in one of your control files to initiate TLS
> connections with certain domains?
>
> "openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher
> "AES256-SHA" -connect mx01.emas.dbschenker.com:25"
>
> This command works from my COS6 and COS7 hosts. So I don't think it's
> on their end.
>
> which openssl version are you running?
>
> Eric
>

--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
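
The ClientHello that `-msg` printed in the message above, decoded field by field. This is an added example, not part of the original thread; the handshake bytes are copied from the `>>> TLS 1.2 Handshake` lines of the post, and the function and table names are illustrative.

```python
"""Decode a TLS ClientHello as printed by `openssl s_client -msg`."""

# Handshake bytes copied from the ">>> TLS 1.2 Handshake [length 005e],
# ClientHello" lines of the post above (handshake header onward; the 5-byte
# record header 16 03 01 00 5e appears only in the -debug dump).
CLIENT_HELLO_HEX = """
01 00 00 5a 03 03 58 e3 38 52 5c d3 37 8b 23 86
92 e6 63 2f e7 dd f9 ed 42 df 2b 45 51 06 1e f2
f3 38 b1 36 c7 d4 00 00 04 00 35 00 ff 01 00 00
2d 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06
03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03
02 03 03 02 01 02 02 02 03 00 0f 00 01 01
"""

# Small name tables (IANA registry values); anything else is shown as a number.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
CIPHER_SUITES = {
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA (OpenSSL: AES256-SHA)",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}
EXTENSIONS = {0: "server_name", 10: "supported_groups", 11: "ec_point_formats",
              13: "signature_algorithms", 15: "heartbeat", 35: "session_ticket"}


class Reader:
    """Bounds-checked cursor over a byte string."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError(f"truncated: need {n} bytes at offset {self.pos}")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, width):
        return int.from_bytes(self.take(width), "big")

    def vector(self, len_width):
        """Read a TLS vector: big-endian length prefix, then that many bytes."""
        return self.take(self.uint(len_width))

    def done(self):
        return self.pos == len(self.data)


def parse_client_hello(handshake):
    """Parse handshake-layer bytes (type, 24-bit length, body) into a dict."""
    outer = Reader(handshake)
    if outer.uint(1) != 1:
        raise ValueError("not a ClientHello (handshake type != 1)")
    body = Reader(outer.vector(3))
    hello = {
        "version": body.uint(2),
        "random": body.take(32),
        "session_id": body.vector(1),
    }
    suites = body.vector(2)
    if len(suites) % 2:
        raise ValueError("odd cipher_suites length")
    hello["cipher_suites"] = [int.from_bytes(suites[i:i + 2], "big")
                              for i in range(0, len(suites), 2)]
    hello["compression"] = list(body.vector(1))
    hello["extensions"] = []
    if not body.done():  # the extensions block is optional
        ext = Reader(body.vector(2))
        while not ext.done():
            ext_type = ext.uint(2)
            hello["extensions"].append((ext_type, ext.vector(2)))
    return hello


def describe(hello):
    """Return human-readable lines summarising what the client offered."""
    ext_types = [t for t, _ in hello["extensions"]]
    version = hello["version"]
    lines = ["offered version : " + VERSIONS.get(version, hex(version)),
             "session id      : " + (hello["session_id"].hex() or "(empty)")]
    lines += ["cipher suite    : " + CIPHER_SUITES.get(s, f"0x{s:04x}")
              for s in hello["cipher_suites"]]
    lines += [f"extension       : {EXTENSIONS.get(t, t)} ({len(d)} bytes)"
              for t, d in hello["extensions"]]
    lines.append("SNI sent        : " + ("yes" if 0 in ext_types else "no"))
    return lines


HELLO = parse_client_hello(bytes.fromhex("".join(CLIENT_HELLO_HEX.split())))

if __name__ == "__main__":
    print("\n".join(describe(HELLO)))
```

For this capture it reports TLS 1.2, the single suite AES256-SHA plus the renegotiation SCSV, and the session_ticket, signature_algorithms and heartbeat extensions with no server_name.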



Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Eric Broch

Also run command with -debug and -msg options in red below.

# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25



On 4/4/2017 12:03 AM, Eric Broch wrote:

Rajesh,

Please disregard my last question (Does it connect and get full cert 
details if you use IP address?).


"here too, the issue is server side. My mail server is not able to 
connect to the mail server of hpe.com and send the emails of my clients"


Your server is acting as a client in this case by initiating a TLS 
connection to the domains in question...to deliver mail, correct? Do 
you have settings in one of your control files to initiate TLS 
connections with certain domains?


"openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -connect mx01.emas.dbschenker.com:25"


This command works from my COS6 and COS7 hosts. So I don't think it's 
on their end.


which openssl version are you running?

Eric



--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)



Re: [qmailtoaster] TLS connect failed: timed out

2017-04-04 Thread Eric Broch

Rajesh,

Please disregard my last question (Does it connect and get full cert 
details if you use IP address?).


"here too, the issue is server side. My mail server is not able to 
connect to the mail server of hpe.com and send the emails of my clients"


Your server is acting as a client in this case by initiating a TLS 
connection to the domains in question...to deliver mail, correct? Do you 
have settings in one of your control files to initiate TLS connections 
with certain domains?


"openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" 
-connect mx01.emas.dbschenker.com:25"


This command works from my COS6 and COS7 hosts. So I don't think it's on 
their end.


which openssl version are you running?

Eric

--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)





Re: [qmailtoaster] TLS connect failed: timed out

2017-04-03 Thread Eric Broch

Does it connect and get full cert details if you use IP address?


On 4/3/2017 10:49 PM, Rajesh M wrote:

eric

here too, the issue is server side. My mail server is not able to connect to 
the mail server of hpe.com and send the emails of my clients

i changed the certificates and use your ciphers (restarted qmail), however it 
still does not connect.


it says CONNECTED but no further response.

[root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -connect mx01.emas.dbschenker.com:25
CONNECTED(0003)

[root@ns1 control]# openssl s_client -connect mx01.emas.dbschenker.com:25 
-starttls smtp
CONNECTED(0003)

if i connect to localhost
openssl s_client -connect localhost:25 -starttls smtp
i get the full cert details and
250 AUTH LOGIN PLAIN CRAM-MD5

rajesh


- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Mon, 3 Apr 2017 22:20:42 -0600
Subject:

Yes, test with your certificate and ciphers. Also use the domain name
NOT the IP address. There was a problem several months back that I
thought was a TLS issue but ended up being a dns/edns issue. Check the
below thread out. It was a server, not client, side issue but might be
the problem in your case, just the same:

https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg40185.html


On 4/3/2017 10:15 PM, Rajesh M wrote:

eric

thanks for your reply

these are the responses

to the mx of hpe.com
[root@ns1 domains]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -connect 15.233.44.29:25
CONNECTED(0003)

to the mx of dbschenker.com
[root@ns1 domains]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -connect 62.180.229.52:25
CONNECTED(0003)


shall i replace the tlsciphers and check out ?

rajesh



- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Mon, 3 Apr 2017 21:49:05 -0600
Subject:

Hi Rajesh,

Could you test something like this from qmail host:

openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher "AES256-SHA"
-connect a...@domain.com:25

BTW these are the ciphers on my COS 6 host:

DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ADH-SEED-SHA:SEED-SHA:IDEA-CBC-SHA:KRB5-IDEA-CBC-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA


Eric


On 4/3/2017 8:23 PM, Rajesh M wrote:

hi

os ; centos 6
qmailtoaster, spamassassin, mysql, dovecot, clam

we are suddenly receiving TLS connect failed: timed out error on all our 
servers running qmail

when emails are sent by our customer to the following domains hp.com, hpe.com, 
dbschenker.com, kamyn.co.ke

the authentication by the customer is done correctly, email gets sent from the 
email client of the customer and emails recd by the server. however the mail 
lies in the queue till finally it bounces back to the sender with the message  
TLS connect failed.

2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696
2017-04-03 15:21:40.916589500 end msg 4468196
2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote a...@hpe.com
2017-04-03 15:21:40.869716500 delivery 56232: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote xxx...@hpe.com
2017-04-03 15:21:40.851782500 delivery 56233: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007150500 starting delivery 56234: msg 4468196 to remote dfdf...@hpe.com
2017-04-03 15:21:40.876609500 

Re: [qmailtoaster] TLS connect failed: timed out

2017-04-03 Thread Rajesh M
eric

here too, the issue is server side. My mail server is not able to connect to 
the mail server of hpe.com and send the emails of my clients

i changed the certificates and use your ciphers (restarted qmail), however it 
still does not connect.


it says CONNECTED but no further response.

[root@ns1 control]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -connect mx01.emas.dbschenker.com:25
CONNECTED(0003)

[root@ns1 control]# openssl s_client -connect mx01.emas.dbschenker.com:25 
-starttls smtp
CONNECTED(0003)

if i connect to localhost
openssl s_client -connect localhost:25 -starttls smtp
i get the full cert details and
250 AUTH LOGIN PLAIN CRAM-MD5

rajesh


- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Mon, 3 Apr 2017 22:20:42 -0600
Subject:

Yes, test with your certificate and ciphers. Also use the domain name
NOT the IP address. There was a problem several months back that I
thought was a TLS issue but ended up being a dns/edns issue. Check the
below thread out. It was a server, not client, side issue but might be
the problem in your case, just the same:

https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg40185.html


On 4/3/2017 10:15 PM, Rajesh M wrote:
> eric
>
> thanks for your reply
>
> these are the responses
>
> to the mx of hpe.com
> [root@ns1 domains]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 
> -cipher "AES256-SHA" -connect 15.233.44.29:25
> CONNECTED(0003)
>
> to the mx of dbschenker.com
> [root@ns1 domains]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 
> -cipher "AES256-SHA" -connect 62.180.229.52:25
> CONNECTED(0003)
>
>
> shall i replace the tlsciphers and check out ?
>
> rajesh
>
>
>
> - Original Message -
> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
> To: qmailtoaster-list@qmailtoaster.com
> Sent: Mon, 3 Apr 2017 21:49:05 -0600
> Subject:
>
> Hi Rajesh,
>
> Could you test something like this from qmail host:
>
> openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher "AES256-SHA"
> -connect a...@domain.com:25
>
> BTW these are the ciphers on my COS 6 host:
>
> DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ADH-SEED-SHA:SEED-SHA:IDEA-CBC-SHA:KRB5-IDEA-CBC-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA
>
>
> Eric
>
>
> On 4/3/2017 8:23 PM, Rajesh M wrote:
>> hi
>>
>> os ; centos 6
>> qmailtoaster, spamassassin, mysql, dovecot, clam
>>
>> we are suddenly receiving TLS connect failed: timed out error on all our 
>> servers running qmail
>>
>> when emails are sent by our customer to the following domains hp.com, 
>> hpe.com, dbschenker.com, kamyn.co.ke
>>
>> the authentication by the customer is done correctly, email gets sent from 
>> the email client of the customer and emails recd by the server. however the 
>> mail lies in the queue till finally it bounces back to the sender with the 
>> message  TLS connect failed.
>>
>> 2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696
>> 2017-04-03 15:21:40.916589500 end msg 4468196
>> 2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote 
>> a...@hpe.com
>> 2017-04-03 15:21:40.869716500 delivery 56232: failure: 
>> TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
>> _this_message_has_been_in_the_queue_too_long./
>> 2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote 
>> xxx...@hpe.com
>> 2017-04-03 15:21:40.851782500 delivery 56233: failure: 
>> TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
>> _this_message_has_been_in_the_queue_too_long./
>> 2017-04-03 15:01:34.007150500 starting delivery 56234: msg 4468196 to remote 
>> 

Re: [qmailtoaster] TLS connect failed: timed out

2017-04-03 Thread Eric Broch
Yes, test with your certificate and ciphers. Also use the domain name 
NOT the IP address. There was a problem several months back that I 
thought was a TLS issue but ended up being a dns/edns issue. Check the 
below thread out. It was a server, not client, side issue but might be 
the problem in your case, just the same:


https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg40185.html


On 4/3/2017 10:15 PM, Rajesh M wrote:

eric

thanks for your reply

these are the responses

to the mx of hpe.com
[root@ns1 domains]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -connect 15.233.44.29:25
CONNECTED(0003)

to the mx of dbschenker.com
[root@ns1 domains]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher 
"AES256-SHA" -connect 62.180.229.52:25
CONNECTED(0003)


shall i replace the tlsciphers and check out ?

rajesh



- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Mon, 3 Apr 2017 21:49:05 -0600
Subject:

Hi Rajesh,

Could you test something like this from qmail host:

openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher "AES256-SHA"
-connect a...@domain.com:25

BTW these are the ciphers on my COS 6 host:

DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ADH-SEED-SHA:SEED-SHA:IDEA-CBC-SHA:KRB5-IDEA-CBC-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA


Eric


On 4/3/2017 8:23 PM, Rajesh M wrote:

hi

os ; centos 6
qmailtoaster, spamassassin, mysql, dovecot, clam

we are suddenly receiving TLS connect failed: timed out error on all our 
servers running qmail

when emails are sent by our customer to the following domains hp.com, hpe.com, 
dbschenker.com, kamyn.co.ke

the authentication by the customer is done correctly, email gets sent from the 
email client of the customer and emails recd by the server. however the mail 
lies in the queue till finally it bounces back to the sender with the message  
TLS connect failed.

2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696
2017-04-03 15:21:40.916589500 end msg 4468196
2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote 
a...@hpe.com
2017-04-03 15:21:40.869716500 delivery 56232: failure: 
TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote 
xxx...@hpe.com
2017-04-03 15:21:40.851782500 delivery 56233: failure: 
TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007150500 starting delivery 56234: msg 4468196 to remote 
dfdf...@hpe.com
2017-04-03 15:21:40.876609500 delivery 56234: failure: 
TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
_this_message_has_been_in_the_queue_too_long./


this is happening since the last 10 days. There are no error details in the 
qmail logs.

however emails sent from two of our window servers using mailenable, go through 
correctly to these domains.

we have not changed anything on our qmail servers and all servers are identical 
in config.

so it seems that there is common issue between all our qmail servers.

our ssl certificates are the self signed ones (validity 10 years)  created

openssl genrsa -out x.key 2048
openssl req -new -key x.key -out x.csr
openssl x509 -req -days 36500 -in x.csr -signkey x.key -out x.crt
cat x.crt x.key > fqdn.crt

tlsciphers file


Re: [qmailtoaster] TLS connect failed: timed out

2017-04-03 Thread Rajesh M
eric

thanks for your reply

These are the responses

to the mx of hpe.com
[root@ns1 domains]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -connect 15.233.44.29:25
CONNECTED(0003)

to the mx of dbschenker.com
[root@ns1 domains]# openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -connect 62.180.229.52:25
CONNECTED(0003)


Shall I replace the tlsciphers and check it out?

rajesh



- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Mon, 3 Apr 2017 21:49:05 -0600
Subject:

Hi Rajesh,

Could you test something like this from qmail host:

openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher "AES256-SHA"
-connect a...@domain.com:25

BTW these are the ciphers on my COS 6 host:

DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ADH-SEED-SHA:SEED-SHA:IDEA-CBC-SHA:KRB5-IDEA-CBC-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA


Eric


On 4/3/2017 8:23 PM, Rajesh M wrote:
> hi
>
> os ; centos 6
> qmailtoaster, spamassassin, mysql, dovecot, clam
>
> we are suddenly receiving TLS connect failed: timed out error on all our 
> servers running qmail
>
> when emails are sent by our customer to the following domains hp.com, 
> hpe.com, dbschenker.com, kamyn.co.ke
>
> the authentication by the customer is done correctly, email gets sent from 
> the email client of the customer and emails recd by the server. however the 
> mail lies in the queue till finally it bounces back to the sender with the 
> message  TLS connect failed.
>
> 2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696
> 2017-04-03 15:21:40.916589500 end msg 4468196
> 2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote 
> a...@hpe.com
> 2017-04-03 15:21:40.869716500 delivery 56232: failure: 
> TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
> _this_message_has_been_in_the_queue_too_long./
> 2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote 
> xxx...@hpe.com
> 2017-04-03 15:21:40.851782500 delivery 56233: failure: 
> TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
> _this_message_has_been_in_the_queue_too_long./
> 2017-04-03 15:01:34.007150500 starting delivery 56234: msg 4468196 to remote 
> dfdf...@hpe.com
> 2017-04-03 15:21:40.876609500 delivery 56234: failure: 
> TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
> _this_message_has_been_in_the_queue_too_long./
>
>
> this is happening since the last 10 days. There are no error details in the 
> qmail logs.
>
> however emails sent from two of our window servers using mailenable, go 
> through correctly to these domains.
>
> we have not changed anything on our qmail servers and all servers are 
> identical in config.
>
> so it seems that there is common issue between all our qmail servers.
>
> our ssl certificates are the self signed ones (validity 10 years)  created
>
> openssl genrsa -out x.key 2048
> openssl req -new -key x.key -out x.csr
> openssl x509 -req -days 36500 -in x.csr -signkey x.key -out x.crt
> cat x.crt x.key > fqdn.crt
>
> tlsciphers file
>
> 

Re: [qmailtoaster] TLS connect failed: timed out

2017-04-03 Thread Eric Broch

Here's the man page for openssl:

https://linux.die.net/man/1/s_client

You can include CAFile and your cipherlist in the openssl command

Eric


On 4/3/2017 8:23 PM, Rajesh M wrote:

hi

os ; centos 6
qmailtoaster, spamassassin, mysql, dovecot, clam

we are suddenly receiving TLS connect failed: timed out error on all our 
servers running qmail

when emails are sent by our customer to the following domains hp.com, hpe.com, 
dbschenker.com, kamyn.co.ke

the authentication by the customer is done correctly, email gets sent from the 
email client of the customer and emails recd by the server. however the mail 
lies in the queue till finally it bounces back to the sender with the message  
TLS connect failed.

2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696
2017-04-03 15:21:40.916589500 end msg 4468196
2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote 
a...@hpe.com
2017-04-03 15:21:40.869716500 delivery 56232: failure: 
TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote 
xxx...@hpe.com
2017-04-03 15:21:40.851782500 delivery 56233: failure: 
TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007150500 starting delivery 56234: msg 4468196 to remote 
dfdf...@hpe.com
2017-04-03 15:21:40.876609500 delivery 56234: failure: 
TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
_this_message_has_been_in_the_queue_too_long./


this is happening since the last 10 days. There are no error details in the 
qmail logs.

however emails sent from two of our window servers using mailenable, go through 
correctly to these domains.

we have not changed anything on our qmail servers and all servers are identical 
in config.

so it seems that there is common issue between all our qmail servers.

our ssl certificates are the self signed ones (validity 10 years)  created

openssl genrsa -out x.key 2048
openssl req -new -key x.key -out x.csr
openssl x509 -req -days 36500 -in x.csr -signkey x.key -out x.crt
cat x.crt x.key > fqdn.crt

tlsciphers file

DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5

could somebody help please

rajesh




-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)



Re: [qmailtoaster] TLS connect failed: timed out

2017-04-03 Thread Eric Broch

Hi Rajesh,

Could you test something like this from the qmail host:

openssl s_client -starttls smtp  -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -connect a...@domain.com:25


BTW these are the ciphers on my COS 6 host:

DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ADH-SEED-SHA:SEED-SHA:IDEA-CBC-SHA:KRB5-IDEA-CBC-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA


Eric


On 4/3/2017 8:23 PM, Rajesh M wrote:

hi

os ; centos 6
qmailtoaster, spamassassin, mysql, dovecot, clam

we are suddenly receiving TLS connect failed: timed out error on all our 
servers running qmail

when emails are sent by our customer to the following domains hp.com, hpe.com, 
dbschenker.com, kamyn.co.ke

the authentication by the customer is done correctly, email gets sent from the 
email client of the customer and emails recd by the server. however the mail 
lies in the queue till finally it bounces back to the sender with the message  
TLS connect failed.

2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696
2017-04-03 15:21:40.916589500 end msg 4468196
2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote 
a...@hpe.com
2017-04-03 15:21:40.869716500 delivery 56232: failure: 
TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote 
xxx...@hpe.com
2017-04-03 15:21:40.851782500 delivery 56233: failure: 
TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007150500 starting delivery 56234: msg 4468196 to remote 
dfdf...@hpe.com
2017-04-03 15:21:40.876609500 delivery 56234: failure: 
TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;
_this_message_has_been_in_the_queue_too_long./


this is happening since the last 10 days. There are no error details in the 
qmail logs.

however emails sent from two of our window servers using mailenable, go through 
correctly to these domains.

we have not changed anything on our qmail servers and all servers are identical 
in config.

so it seems that there is common issue between all our qmail servers.

our ssl certificates are the self signed ones (validity 10 years)  created

openssl genrsa -out x.key 2048
openssl req -new -key x.key -out x.csr
openssl x509 -req -days 36500 -in x.csr -signkey x.key -out x.crt
cat x.crt x.key > fqdn.crt

tlsciphers file

DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5

could somebody help please

rajesh






--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
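
Added example, not part of any message in this thread: a Python audit of the tlsciphers value quoted from the original post, which splits the OpenSSL cipher list and labels export-grade, RC4, RC2, DES/3DES, MD5 and anonymous suites by name. The function names and labels are assumptions of this example; it goes slightly beyond the posted list by also reporting duplicates and non-suite selectors such as !aNULL.

```python
import re

# The tlsciphers value quoted in the original post, copied as posted.
POSTED_TLSCIPHERS = (
    "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:"
    "KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:"
    "DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:"
    "KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:"
    "KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:"
    "DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:"
    "EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:"
    "EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:"
    "EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5"
)

# An explicit suite name is upper-case tokens joined by '-'; anything else
# (HIGH, !aNULL, @STRENGTH, ...) is a selector that OpenSSL expands itself.
SUITE_NAME = re.compile(r"[A-Z0-9]+(-[A-Z0-9]+)+")

# (label, test on the '-'-separated tokens of the suite name).
# The labels are this example's own wording.
RULES = [
    ("export-grade", lambda t: "EXP" in t),
    ("anonymous", lambda t: "ADH" in t or "AECDH" in t),
    ("null-encryption", lambda t: "NULL" in t),
    ("RC4", lambda t: "RC4" in t),
    ("RC2", lambda t: "RC2" in t),
    ("single-DES", lambda t: "DES" in t and "CBC3" not in t),
    ("3DES", lambda t: "CBC3" in t),
    ("MD5-MAC", lambda t: t[-1] == "MD5"),
]


def audit_cipher_list(value):
    """Split an OpenSSL cipher list and label each explicit suite name."""
    suites, duplicates, selectors, findings = [], [], [], {}
    # OpenSSL accepts colon, comma or space as the separator.
    for item in filter(None, re.split(r"[:, ]+", value.strip())):
        if not SUITE_NAME.fullmatch(item):
            selectors.append(item)
            continue
        if item in findings:
            duplicates.append(item)
            continue
        suites.append(item)
        tokens = item.split("-")
        findings[item] = [label for label, test in RULES if test(tokens)]
    return {
        "suites": suites,            # unique names, in list order
        "duplicates": duplicates,    # repeated entries
        "selectors": selectors,      # entries that are not suite names
        "findings": findings,        # name -> list of labels
        "unflagged": [s for s in suites if not findings[s]],
    }


def flagged_as(report, label):
    """Names in the report that carry the given label."""
    return [s for s, labels in report["findings"].items() if label in labels]


if __name__ == "__main__":
    report = audit_cipher_list(POSTED_TLSCIPHERS)
    print("unique suites:", len(report["suites"]))
    print("duplicates:   ", report["duplicates"])
    for label, _ in RULES:
        names = flagged_as(report, label)
        if names:
            print(f"{label:16} {len(names):2}  {', '.join(names)}")
    print("unflagged:    ", report["unflagged"])
```

The suites left unflagged for the posted value are the six AES-CBC/SHA entries; the check is by name only and does not ask the local OpenSSL build which of them it actually supports.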



[qmailtoaster] TLS connect failed: timed out

2017-04-03 Thread Rajesh M
hi

OS: CentOS 6
qmailtoaster, spamassassin, mysql, dovecot, clam

We are suddenly receiving a "TLS connect failed: timed out" error on all our 
servers running qmail

when emails are sent by our customer to the following domains: hp.com, hpe.com, 
dbschenker.com, kamyn.co.ke

The authentication by the customer is done correctly, the email gets sent from 
the customer's email client and is received by the server. However, the mail 
lies in the queue until it finally bounces back to the sender with the message 
"TLS connect failed".

2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696
2017-04-03 15:21:40.916589500 end msg 4468196
2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote a...@hpe.com
2017-04-03 15:21:40.869716500 delivery 56232: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote xxx...@hpe.com
2017-04-03 15:21:40.851782500 delivery 56233: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:01:34.007150500 starting delivery 56234: msg 4468196 to remote dfdf...@hpe.com
2017-04-03 15:21:40.876609500 delivery 56234: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;_this_message_has_been_in_the_queue_too_long./


This has been happening for the last 10 days. There are no error details in the 
qmail logs.

However, emails sent from two of our Windows servers using MailEnable go through 
correctly to these domains.

We have not changed anything on our qmail servers and all servers are identical 
in config.

So it seems that there is a common issue between all our qmail servers.

Our SSL certificates are the self-signed ones (validity 10 years), created with:

openssl genrsa -out x.key 2048
openssl req -new -key x.key -out x.csr
openssl x509 -req -days 36500 -in x.csr -signkey x.key -out x.crt
cat x.crt x.key > fqdn.crt

tlsciphers file

DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5

Could somebody help, please?

rajesh
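
Added example, not part of the original post: Python that pairs the `starting delivery` and `delivery N:` result lines of a qmail-send log like the one above and reports, per remote IP, how long each TLS connect failure took. The sample log is constructed (lines unwrapped, placeholder recipients, one success and one deferral added), and STALL_SECONDS assumes qmail-remote's documented default timeoutremote of 1200 seconds.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the qmail-send lines quoted in the post
# (lines unwrapped, recipients replaced by placeholders, two lines added).
SAMPLE_LOG = """\
2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote user1@example.invalid
2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote user2@example.invalid
2017-04-03 15:01:35.120000500 starting delivery 56240: msg 4468200 to remote user3@example.invalid
2017-04-03 15:01:37.480000500 delivery 56240: success: 192.0.2.10_accepted_message./Remote_host_said:_250_ok/
2017-04-03 15:21:40.851782500 delivery 56233: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:21:40.869716500 delivery 56232: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again;_this_message_has_been_in_the_queue_too_long./
2017-04-03 15:30:02.000000500 delivery 56100: deferral: TLS_connect_failed:_timed_out;_connected_to_198.51.100.7./
"""

# Assumption: 1200 s is qmail-remote's documented default for
# control/timeoutremote; change it if the host overrides that file.
STALL_SECONDS = 1200

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{6})\d*\s+(.*)$")
START = re.compile(r"^starting delivery (\d+): msg (\d+) to remote (\S+)$")
RESULT = re.compile(r"^delivery (\d+): (success|failure|deferral): (.*)$")
TLS_FAIL = re.compile(
    r"TLS_connect_failed:_([^;]*);_connected_to_(\d+\.\d+\.\d+\.\d+)\.")


def tls_failures(log_text):
    """Pair 'starting delivery' with its result; return TLS connect failures."""
    started, found = {}, []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        stamp = datetime.strptime(line.group(1), "%Y-%m-%d %H:%M:%S.%f")
        start = START.match(line.group(2))
        if start:
            started[start.group(1)] = (stamp, start.group(2))
            continue
        result = RESULT.match(line.group(2))
        if not result:
            continue
        begun = started.pop(result.group(1), None)  # None: start line not in this log
        tls = TLS_FAIL.search(result.group(3))
        if not tls:
            continue
        elapsed = (stamp - begun[0]).total_seconds() if begun else None
        found.append({
            "delivery": result.group(1),
            "msg": begun[1] if begun else None,
            "status": result.group(2),
            "reason": tls.group(1).replace("_", " "),
            "remote_ip": tls.group(2),
            "elapsed": elapsed,
            "stalled": elapsed is not None and elapsed >= STALL_SECONDS,
        })
    return found


def by_remote(failures):
    """Summarise failures per remote IP: count, stalled count, longest wait."""
    summary = defaultdict(lambda: {"count": 0, "stalled": 0, "max_elapsed": None})
    for f in failures:
        entry = summary[f["remote_ip"]]
        entry["count"] += 1
        entry["stalled"] += f["stalled"]
        if f["elapsed"] is not None:
            entry["max_elapsed"] = max(entry["max_elapsed"] or 0.0, f["elapsed"])
    return dict(summary)


if __name__ == "__main__":
    for ip, info in by_remote(tls_failures(SAMPLE_LOG)).items():
        print(ip, info)
```

On this sample the two deliveries to 15.241.48.71 each ran for about 1207 seconds before failing, so the connection was held open for the whole timeout rather than refused.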

