On 10/5/2022 5:04 PM, Steve Fairhead wrote:
> I have several OpenBSD email servers, some elderly (Sendmail) and some
> brand-spanking new (smtpd). Recently I've noticed that some (of both
> kinds) are failing to deliver mail to some major UK ISPs. (Mostly
> domestic; business ISPs not so much.)
>
> For Sendmail, the error is "TLS handshake failed"; for smtpd, it's
> "Network error on destination MXs".

"TLS handshake failed" usually means a TLS cipher mismatch, but maybe
they're requiring a valid public certificate. You can also use
testssl.sh to see what ciphers they're actually using.

Check the logs and do a tcpdump of one of the failed connections. One
of those should tell you directly what's wrong.
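
A quick way to see which TLS versions a destination MX will negotiate over STARTTLS, as an added example that is not part of the original message: it tries one TLS version per connection and records the negotiated cipher or the failure. The function name `probe_starttls`, the HELO name `probe.example.net` and the host passed in are assumptions for illustration.

```python
import smtplib
import ssl

# TLS versions to try one at a time; a peer that refuses old versions
# shows up as a handshake error on those rows only.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]


def probe_starttls(host, port=25, helo="probe.example.net", timeout=10):
    """Return {version_name: outcome} for one STARTTLS attempt per TLS version.

    outcome is "ok: <protocol> <cipher>" or a short failure reason.
    host, port and helo are caller-supplied (assumed) values.
    """
    results = {}
    for ver in VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Certificate checks are off so that only protocol and cipher
        # negotiation is being tested, not the peer's certificate chain.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = ver
        ctx.maximum_version = ver
        try:
            with smtplib.SMTP(host, port, local_hostname=helo,
                              timeout=timeout) as s:
                s.ehlo()
                s.starttls(context=ctx)
                results[ver.name] = f"ok: {s.sock.version()} {s.sock.cipher()[0]}"
        except smtplib.SMTPNotSupportedError:
            results[ver.name] = "no STARTTLS offered"
        except ssl.SSLError as e:
            results[ver.name] = f"handshake failed: {getattr(e, 'reason', None)}"
        except (OSError, smtplib.SMTPException) as e:
            results[ver.name] = f"connection error: {type(e).__name__}"
    return results


if __name__ == "__main__":
    # mx.example.net is a placeholder; substitute the MX that rejects your mail.
    for name, outcome in probe_starttls("mx.example.net").items():
        print(f"{name:8} {outcome}")
```

Rows that fail only for the older versions point at a protocol or cipher mismatch on the sending side; if every row succeeds here, the certificate requirement is the next thing to check.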