
need help with ssl errors for outbound emails

Marco Comandi - 01:56pm, Apr 29 2019

Hi all

I need help with a strange problem affecting an MDaemon 18.5.3 installation on a recently upgraded Windows Server 2012 R2 virtual machine.

Everything worked fine until, some days ago, over the weekend, I installed a Root CA in my Windows Domain, precisely where MDaemon is installed.

Since then, every outgoing email is stopped by Amazon AWS's relay server (which we use to send emails), stating multiple causes.

I will post some logs:

02: (-- 250-email-smtp.amazonaws.com
02: (-- 250-8BITMIME
02: (-- 250-SIZE 10485760
02: (-- 250-STARTTLS
02: (-- 250-AUTH PLAIN LOGIN
02: (-- 250 Ok
03: --) STARTTLS
02: (-- 220 Ready to start TLS
Socket connection closed by the other side (how rude!)
Socket error 10053 - Connection abort.
Connection closed

or

02: (-- 250-AUTH PLAIN LOGIN
02: (-- 250 Ok
03: --) STARTTLS
02: (-- 220 Ready to start TLS
04: * SSL negotiation failed, error code 0x90317
04: * 176.34.134.214 added to temporary SSL white list, will retry delivery soon

When a host is added to the whitelist, every mail is going to be rejected because AWS supports only TLS on port 587.

The thing I have noticed is that every time an error for an outbound email is logged in the MDaemon console, an SChannel error is logged in the Windows Event Console. I will report one; they are all identical:

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

It needs to be said: an SChannel error was logged sometimes every 2 or 3 days by Windows, purely randomly, even before the CA deployment. And very, very rarely, one or two times, it crashed the entire Windows Server, forcing it to reboot the virtual machine.

Please I need support.
Thanks!
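
An added triage example, not part of the original posts: it separates the two failure modes quoted above (abort right after the 220 reply versus a logged negotiation failure), lists the hosts placed on the temporary SSL white list, and names the TLS alert number from the SChannel event. The sample lines are constructed in the layout of the quoted logs, the function names are hypothetical, and the alert names come from the TLS specification.

```python
import re

# Constructed sample in the layout of the logs quoted in the post
# ("(--" marks a line received from the relay, "--)" a line sent to it).
SAMPLE_LOG = """\
03: --) STARTTLS
02: (-- 220 Ready to start TLS
Socket connection closed by the other side (how rude!)
Socket error 10053 - Connection abort.
03: --) STARTTLS
02: (-- 220 Ready to start TLS
04: * SSL negotiation failed, error code 0x90317
04: * 192.0.2.25 added to temporary SSL white list, will retry delivery soon
"""
SAMPLE_EVENT = ("A fatal alert was generated and sent to the remote endpoint. "
                "The TLS protocol defined fatal error code is 10.")

# Alert descriptions from the TLS specification (subset).
TLS_ALERTS = {10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
              42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca",
              70: "protocol_version"}

def starttls_failures(log_text):
    """Return one record per STARTTLS attempt that failed after being sent."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if re.search(r"--\)\s*STARTTLS\b", line):
            cur = {"got_220": False, "outcome": None, "code": None, "tls_skipped_for": None}
            attempts.append(cur)
        elif cur is None:
            continue  # ignore everything before the first STARTTLS command
        elif re.search(r"\(--\s*220\b", line):
            cur["got_220"] = True  # relay accepted STARTTLS; failure is in the handshake
        elif m := re.search(r"SSL negotiation failed, error code (0x[0-9A-Fa-f]+)", line):
            cur["outcome"], cur["code"] = "negotiation_failed", m.group(1)
        elif m := re.search(r"Socket error (\d+)", line):
            cur["outcome"], cur["code"] = "connection_aborted", m.group(1)
        elif m := re.search(r"\*\s*(\S+) added to temporary SSL white list", line):
            cur["tls_skipped_for"] = m.group(1)  # per the post, retries then go without TLS
    return [a for a in attempts if a["outcome"]]

def schannel_alert(event_text):
    """Name the TLS alert number reported in an SChannel event message."""
    m = re.search(r"fatal error code is (\d+)", event_text)
    return (int(m.group(1)), TLS_ALERTS.get(int(m.group(1)), "unknown")) if m else None

if __name__ == "__main__":
    print(starttls_failures(SAMPLE_LOG), schannel_alert(SAMPLE_EVENT))
```

Any host reported in `tls_skipped_for` is worth reviewing, because delivery to a relay that only accepts TLS will keep failing while the host stays on that list.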


Tyler Davis - Apr 30, 2019 12:27 pm (#1 Total: 3)  

This is happening for all settings trying to connect using STARTTLS, correct?

Was the new certificate selected and services restarted in the SSL&TLS menu?

http://help.altn.com/mdaemon/en/index.html?ssl_mdaemon.htm

When everything was working fine, were you using STARTTLS and another certificate or was SSL/TLS/STARTTLS disabled? If enabled, was the prior certificate a self-signed certificate or was it signed by a certificate authority?

Is the new certificate from an authority or is it self-signed as well? If the original certificate was self-signed and the new certificate was from a certificate authority, did you install the certificate in the same location as the self-signed one?

--
Tyler Davis
MDaemon Technologies
https://www.mdaemon.com

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion. MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.altn.com/Support/RequestSupport/
---------------------------------------------------------------------

Marco Comandi - Apr 30, 2019 2:20 pm (#2 Total: 3)  

 

This is happening for all settings trying to connect using STARTTLS, correct? YES, but only for OUTBOUND emails; I have no problem in receiving.

Was the new certificate selected and services restarted in the SSL&TLS menu? No, I didn't touch that section; I think I was using a self-signed cert signed by MDaemon.

When everything was working fine, were you using STARTTLS and another certificate or was SSL/TLS/STARTTLS disabled? I was using STARTTLS for sure because my relay (AWS) requires it.
If enabled, was the prior certificate a self-signed certificate or was it signed by a certificate authority? I think self-signed, but we are talking about outbound emails; I guess the cert does not apply for outbound emails.

Is the new certificate from an authority or is it self-signed as well? If the original certificate was self-signed and the new certificate was from a certificate authority, did you install the certificate in the same location as the self-signed one? Can't tell, but I tried many different settings in the SSL&TLS section, everything without luck...

Tyler Davis - May 2, 2019 3:58 pm (#3 Total: 3)  

If you navigate to the Security / Security Settings / SSL & TLS / MDaemon section, create a self-signed certificate, and select it for the server to use, are you getting the same errors?

If so, can you copy the SMTP-(in) and/or SMTP-(out) log files from the /MDaemon/Logs directory and submit them to us using the support request link below for further review?

--
Tyler Davis
MDaemon Technologies
https://www.mdaemon.com



