
TLS connect failed error from qmail

PersianC

Guest
I receive this message in response to sending email using qmail to many email addresses.

I read that this is from a TLS problem on the remote server and not my server ( http://kb.odin.com/article_22_1035_en.html )

But when I check the remote server with telnet, it has 250-STARTTLS, so how can this be from the remote server when telnet responds with the correct result!?

error message:
Hi. This is the qmail-send program at server1.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
TLS connect failed; connected to x.y.z.z.
I'm not going to try again; this message has been in the queue too long.


server information:
Debian Lenny, Plesk 9.3
 
Are you sure that SMTPS port 465 is started and not firewalled on your server?
 
There is no SMTPS service in service management in Plesk, but the port is open in APF.
 
Did you check the possibility of connecting to port 465 with telnet, for example?
 
Thank you for the reply.

I just turned off APF and checked it.
Here it is:

root@server1:/# telnet [myip] 465
Trying [myip]...
Connected to [myip].
Escape character is '^]'.
ehlo

I waited for 1 minute and then sent quit; here is the result:

quit
454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)
Connection closed by foreign host.
 
But maybe the problem is in the destination mail server? Did you check it as described in the KB article?
 
I have a similar problem. Although everything works on 25 (starttls), it does not work on port 465 and I get the same error: 454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)
 
help!

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 proton-m01.sarbc.ru ESMTP
ehlo
250-proton-m01.sarbc.ru
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
STARTTLS
220 ready for tls


454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)



openssl s_client -starttls smtp -showcerts -connect localhost:25
CONNECTED(00000003)
22598:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
22598:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1293:
22598:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:208:Type=ASN1_PRINTABLE
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=value, Type=X509_NAME_ENTRY
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=issuer, Type=X509_CINF
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=cert_info, Type=X509
22598:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:923:


What to do?
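
The OpenSSL error lines quoted in this thread can be decoded mechanically. The Python below is an added example, not part of any post in the thread: it unpacks the error codes, assuming the pre-3.0 OpenSSL layout of library, function and reason numbers, and reports which side logged the failure; `parse_errors` and `diagnose` are names chosen here.

```python
import re

# OpenSSL 0.9.8/1.x packs an error code as lib (8 bits) | function (12) | reason (12).
LIBS = {0x0D: "ASN1", 0x14: "SSL"}
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:\n]+):([^:\n]+):([^:(\n]+)")

# Lines copied from the thread above (the s_client trace is abridged).
SERVER_454 = ("454 TLS connection failed: error:140760FC:SSL routines:"
              "SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)")
CLIENT_TRACE = """\
22598:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=issuer, Type=X509_CINF
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=cert_info, Type=X509
22598:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:923:
"""

def parse_errors(text):
    """Return one dict per OpenSSL error entry found in text, in printed order."""
    entries = []
    for m in ERR_RE.finditer(text):
        code = int(m.group(1), 16)
        entries.append({
            "lib": LIBS.get(code >> 24, hex(code >> 24)),
            "func_no": (code >> 12) & 0xFFF,
            "reason_no": code & 0xFFF,
            "func": m.group(3),
            "reason": m.group(4).strip(),
        })
    return entries

def diagnose(text):
    """Say which side reported the failure and at which handshake step."""
    errs = parse_errors(text)
    if not errs:
        return "no OpenSSL error entry found"
    last = errs[-1]  # the queue prints innermost first, so the last entry is the caller
    if last["func"].endswith("GET_CLIENT_HELLO") and last["reason"] == "unknown protocol":
        return "server side: bytes received where a TLS ClientHello was expected were not TLS"
    if last["func"].endswith("GET_SERVER_CERTIFICATE") and errs[0]["lib"] == "ASN1":
        fields = re.findall(r"Field=(\w+)", text)
        return "client side: server certificate failed ASN.1 parsing at " + " <- ".join(fields)
    return "unclassified: %s: %s" % (last["func"], last["reason"])

if __name__ == "__main__":
    for sample in (SERVER_454, CLIENT_TRACE):
        print(diagnose(sample))
```

The 454 entry is logged by the server when the bytes arriving where it expects a ClientHello are not TLS, which is what a hand-typed telnet session sends; the s_client trace is the client failing to parse the certificate the server presented.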
 
I used to have that problem, but at some point I switched to postfix, and now even port 465 works correctly. My guess is that when I switched, new binaries without the problem were installed.
 