did anyone knows about the issue, that the TLS handshake failes with Microsoft Outlook Exchange Servers?
Deferred: 403 4.7.0 TLS handshake failed.
This error-message is returned to the sender. If I deactivate TLS, mails come through.
But my TLS seems to be alright. Test is here:
http://www.checktls.com/perl/TestReceiver.pl
Result:
Code: Select all
Checking tb@sitepoint.de
looking up MX hosts on domain "sitepoint.de"
mail.sitepoint.de (preference:10)
mail2.sitepoint.de (preference:15)
Trying TLS on mail.sitepoint.de[62.112.132.25] (10):
seconds test stage and result
[000.106] Connected to server
[000.214] <-- 220 mail.sitepoint.de ESMTP MailEnable Service, Version: 8.60--8.60 ready at 07/09/15 18:14:01
[000.214] We are allowed to connect
[000.215] --> EHLO checktls.com
[000.320] <-- 250-mail.sitepoint.de [69.61.187.232], this server offers 7 extensions
250-AUTH NTLM LOGIN
250-SIZE 52428800
250-HELP
250-AUTH=LOGIN
250-STARTTLS
250-XSAVETOSENT
250 X-SAVETOSENT
[000.320] We can use this server
[000.496] TLS is an option on this server
[000.496] --> STARTTLS
[000.614] <-- 220 Ready to start TLS
[000.614] STARTTLS command works on this server
[000.980] Cipher in use: ECDHE-RSA-AES128-SHA
[000.980] Connection converted to SSL
[001.000]
Certificate 1 of 4 in chain:
subject= /OU=Domain Control Validated/OU=PositiveSSL/CN=mail.sitepoint.de
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
[001.016]
Certificate 2 of 4 in chain:
subject= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
[001.031]
Certificate 3 of 4 in chain:
subject= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
issuer= /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
[001.047]
Certificate 4 of 4 in chain:
subject= /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
issuer= /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
[001.047] Cert VALIDATED: ok
[001.047] Cert Hostname VERIFIED (mail.sitepoint.de = mail.sitepoint.de)
[001.048] ~~> EHLO checktls.com
[001.155] <~~ 250-mail.sitepoint.de [69.61.187.232], this server offers 6 extensions
250-AUTH NTLM LOGIN
250-SIZE 52428800
250-HELP
250-AUTH=LOGIN
250-XSAVETOSENT
250 X-SAVETOSENT
[001.156] TLS successfully started on this server
[001.156] ~~> MAIL FROM:<test@checktls.com>
[001.267] <~~ 250 Requested mail action okay, completed
[001.267] Sender is OK
[001.963] ~~> RCPT TO:<tb@sitepoint.de>
[002.190] <~~ 250 Requested mail action okay, completed
[002.190] Recipient OK, E-mail address proofed
[002.191] ~~> QUIT
[002.296] <~~ 221 Service closing TLS SSL transmission session
Trying TLS on mail2.sitepoint.de[62.112.132.26] (15):
seconds test stage and result
[000.106] Connected to server
[000.646] <-- 220 mail.sitepoint.de ESMTP MailEnable Service, Version: 8.60--8.60 ready at 07/09/15 18:14:04
[000.646] We are allowed to connect
[000.646] --> EHLO checktls.com
[000.751] <-- 250-mail.sitepoint.de [69.61.187.232], this server offers 7 extensions
250-AUTH NTLM LOGIN
250-SIZE 52428800
250-HELP
250-AUTH=LOGIN
250-STARTTLS
250-XSAVETOSENT
250 X-SAVETOSENT
[000.752] We can use this server
[000.752] TLS is an option on this server
[001.345] --> STARTTLS
[001.459] <-- 220 Ready to start TLS
[001.459] STARTTLS command works on this server
[001.806] Cipher in use: ECDHE-RSA-AES128-SHA
[001.806] Connection converted to SSL
[001.824]
Certificate 1 of 4 in chain:
subject= /OU=Domain Control Validated/OU=PositiveSSL/CN=mail.sitepoint.de
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
[001.840]
Certificate 2 of 4 in chain:
subject= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
[001.855]
Certificate 3 of 4 in chain:
subject= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
issuer= /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
[002.347]
Certificate 4 of 4 in chain:
subject= /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
issuer= /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
[002.347] Cert VALIDATED: ok
[002.348] Cert Hostname DOES NOT VERIFY (mail2.sitepoint.de != mail.sitepoint.de)
[002.348] So email is encrypted but the host is not verified
[002.950] ~~> EHLO checktls.com
[003.059] <~~ 250-mail.sitepoint.de [69.61.187.232], this server offers 6 extensions
250-AUTH NTLM LOGIN
250-SIZE 52428800
250-HELP
250-AUTH=LOGIN
250-XSAVETOSENT
250 X-SAVETOSENT
[003.060] TLS successfully started on this server
[003.060] ~~> MAIL FROM:<test@checktls.com>
[003.169] <~~ 250 Requested mail action okay, completed
[003.169] Sender is OK
[003.170] ~~> RCPT TO:<tb@sitepoint.de>
[003.356] <~~ 250 Requested mail action okay, completed
[003.356] Recipient OK, E-mail address proofed
[003.357] ~~> QUIT
[003.830] <~~ 221 Service closing TLS SSL transmission session
Anyone else has this kind of issue? Thank you for your support.
Best regards -
Tom