1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

TLS connect failed error from qmail

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by PersianC, Mar 1, 2010.

  1. PersianC

    PersianC Guest

    0
     
    I receive this message in response of sending email using qmail to many email addresses.

    I read that is from TLS problem in remote server and not my server ( http://kb.odin.com/article_22_1035_en.html )

    but when I check remote server with telnet, it has 250-STARTTLS, so how this is from remote server but telnet respond correct result!?

    error message:
    Hi. This is the qmail-send program at server1.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <info@domain.com>:
    TLS connect failed; connected to x.y.z.z.
    I'm not going to try again; this message has been in the queue too long.


    server information:
    Debian Lenny, Plesk 9.3
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,547
    Likes Received:
    1,240
    Location:
    Novosibirsk, Russia
    Are you sure that SMTPS port 465 is started and not firewalled on your server?
     
  3. PersianC

    PersianC Guest

    0
     
    there is not SMTPS service in service managment in plesk. but port is open in APF.
     
  4. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,547
    Likes Received:
    1,240
    Location:
    Novosibirsk, Russia
    Did you checked possibility for connection to 465 port with telnet, for example?
     
  5. PersianC

    PersianC Guest

    0
     
    thank your for reply.

    I just turned off APF and checked it.
    here is it:

    root@server1:/# telnet [myip] 465
    Trying [myip]...
    Connected to [myip].
    Escape character is '^]'.
    ehlo

    I wait for 1 minute and then send quit, here is result:

    quit
    454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)
    Connection closed by foreign host.
     
  6. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,547
    Likes Received:
    1,240
    Location:
    Novosibirsk, Russia
  7. PersianC

    PersianC Guest

    0
     
  8. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,547
    Likes Received:
    1,240
    Location:
    Novosibirsk, Russia
    But maybe problem in destination mailserver? Did you checked it as it is described in KB article?
     
  9. esbon

    esbon Basic Pleskian

    24
    23%
    Joined:
    Sep 16, 2006
    Messages:
    66
    Likes Received:
    0
    I have a similar prolem. Although everything works on 25 (starttls) it does not work on port 465 and I get the same error: 454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)
     
  10. GreenDev

    GreenDev Guest

    0
     
    Same problem

    Hello,

    i've the same problem !!

    no solution ???
     
  11. Dmitriy Biryukov

    Dmitriy Biryukov Guest

    0
     
    help!

    telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 proton-m01.sarbc.ru ESMTP
    ehlo
    250-proton-m01.sarbc.ru
    250-AUTH=LOGIN CRAM-MD5 PLAIN
    250-AUTH LOGIN CRAM-MD5 PLAIN
    250-STARTTLS
    250-PIPELINING
    250 8BITMIME
    STARTTLS
    220 ready for tls


    454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)



    openssl s_client -starttls smtp -showcerts -connect localhost:25
    CONNECTED(00000003)
    22598:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
    22598:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1293:
    22598:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:208:Type=ASN1_PRINTABLE
    22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=value, Type=X509_NAME_ENTRY
    22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
    22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
    22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=issuer, Type=X509_CINF
    22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=cert_info, Type=X509
    22598:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:923:


    what to do ?
     
  12. esbon

    esbon Basic Pleskian

    24
    23%
    Joined:
    Sep 16, 2006
    Messages:
    66
    Likes Received:
    0
    I used to have that problem, but at some point I switched to postfix, and now even port 465 works correctly. My guess is that when I switched, new binaries without the problem were installed
     
  13. Emmanuel_Pando

    Emmanuel_Pando New Pleskian

    3
    60%
    Joined:
    Mar 2, 2015
    Messages:
    5
    Likes Received:
    0
    Location:
    Durango, Mexico
    knows somebody the answer? I have the same problem :/
     
Loading...