In over my head!!!

Ruosullivan · 29-09-2010 5:37pm

I have a second problem, and i don't want to push my luck but your advice would be appreciated.

A few emails are getting bounced. The error message reads:

TLS Connect Failed; connected to ***.***.***.*** I'm not going to .................yadda yadda yadda

I've checked the Virtual SMTP Connector and TLS is not selected; however in my research (Dr. Google) i've found someone with a pretty identicle problem. Their solution was to remove the certificate from the SMTP connector properties window.........but would this cause problems elswhere, or is it removing the certificate form this connector only???

The other possible solution was to setup a second connecotr with TLS enabled.........

Whaddia think??

Jumpy · 29-09-2010 7:42pm

Are the bounced emails incoming to you or outgoing to another address?

Is it always the same address or is it random?

Jumpy · 29-09-2010 7:51pm

If its random addresses that used to work, give it a day or two, your MX or A record has recently been changed. Dont quote me on this but I think TLS needs matching MX and Public IPs otherwise it fails. Some servers may not have your updated MX/A yet.

Jumpy · 29-09-2010 7:55pm

I assume you didnt actually change your mx record when the IP changed, just the A record for your mail.companyname.xxx, would I be right?

Ruosullivan · 29-09-2010 9:08pm

Jumpy wrote: »

Are the bounced emails incoming to you or outgoing to another address?

Is it always the same address or is it random?

Incoming.

I've been informed of 4 people who's e-mails are not getting through. i've contacted all 4 to ask if they are getting a bounce message, but only one replied. In his 3 attempts, he only recieved one error message which came a day after sending the message.

They have been using personal e-mail address (yahoo, gmail etc.) to send the e-mail, whcih is pretty inconvenient

Ruosullivan · 29-09-2010 9:09pm

Jumpy wrote: »

If its random addresses that used to work, give it a day or two, your MX or A record has recently been changed. Dont quote me on this but I think TLS needs matching MX and Public IPs otherwise it fails. Some servers may not have your updated MX/A yet.

This problem existed before the A record was changed. The MX record, mail.*****.ie was not changed

Jumpy · 29-09-2010 10:07pm

By the sound of it the other end thinks you are offering TLS. Both sending and receiving servers need it configured.

Has TLS ever worked for you?

ressem · 30-09-2010 1:09pm

It'd help if the full error message was provided.

You can check whether your server is advertising that it supports TLS by bring up a command window and trying to impersonate a mail server

Start> Run> CMD

telnet yourserver 25

This should give you a message like...
220 myserver.ie Microsoft ESMTP MAIL Service, Version: 6.x.x.x

Type
EHLO myclientpc.example.ie

The Server will respond with...

250-myserver.ie Hello [127.0.0.1]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
---
250 OK

If your server is advertising that it supports TLS then one of the lines will be
250 STARTTLS

If it does then perhaps a required certificate has expired.
If it does not then perhaps the sending server is configured to not send mail unless the recipient server supports TLS.

Adding a certificate is found by right clicking on the virtual connector. Click on the 'Access' tab. Click on the 'Certificate' button under Secure Communication.

Ruosullivan · 30-09-2010 10:20pm

ressem wrote: »

If your server is advertising that it supports TLS then one of the lines will be
250 STARTTLS

I rant telnet as described above and "250 STARTTLS" did come up.

2 Questions

1) TLS is not selected in either "Authentication" nor "Outbound Security". Does this matter? Should i select them before working on the certificate

2)If i ignore the tls tick boxes detailed above, and go straight to the certificate, select "Renew", i only have the option to prepair the request and send later. it this right???

Jumpy · 01-10-2010 8:55am

Is it set to required on the Default SMTP Virtual Server?

Ruosullivan · 01-10-2010 1:07pm

Jumpy wrote: »

Is it set to required on the Default SMTP Virtual Server?

Nope!

Jumpy · 01-10-2010 5:07pm

http://thedailyreviewer.com/server/view/tls-not-required-101632665

ressem · 04-10-2010 5:09pm

Can you provide the full text of the TLS error before you try and remove the cert?
The cert might be present due to specific external clients requiring it. We also don't know whether the cert is out of date. Or whether it is self-signed or signed by an external certificate provider.

In over my head!!!

Comments