Mailing List CGatePro@mail.stalker.com Message #106230
From: Marcel Hochuli <mhochuli@a-f.ch>
Subject: Re: SMTP incoming SSL problems
Date: Tue, 25 Oct 2016 14:35:00 +0000
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Thanks Christoph

Works wonderfully.

I'm curious to see which modern MTAs will now refuse to receive e-mail from the site because the old TLS variant is active…

Regards
Marcel

_______________________________________



> On 25.10.2016 at 15:24, Christoph Roethlisberger <christoph.roethlisberger@iway.ch> wrote:
>
> Hi
>
> You most likely need to enable "CBC Ciphers for old TLS" in that case.
> This is also required to communicate with the GMail servers, for example, as otherwise there seem to be no compatible ciphers between CGPro and GMail.
>
> regards
> Christoph Roethlisberger
>
> ---------------------------------------------------------
> iway AG
> christoph.roethlisberger@iway.ch -:- http://www.iway.ch
> ---------------------------------------------------------
>
>
> Tuesday, October 25, 2016, 3:17:47 PM, you wrote:
>
>> Hi,
>
>> I have the same problem on an installation with CGP 6.1.6.
>
>> "Accept SSLv2 'hello'" is already enabled!
>
>> I raised logging of TLS to max and got the following lines:
>
>> 15:04:50.090 4 SMTPI-593379([46.14.xx.xx]:59235) [192.168.xx.xx]:25 <- [46.14.xx.xx]:59235 incoming connection(mydomain.dom)
>> 15:05:17.092 5 SMTPI-593379([46.14.xx.xx]:59235) out: 220 mydomain.dom ESMTP CommuniGate Pro 6.1.6\r\n
>> 15:05:17.112 5 SMTPI-593379([46.14.xx.xx]:59235) inp: EHLO mail.yourdomain.dom
>> 15:05:17.166 5 SMTPI-593379(mail.yourdomain.dom) out: 250-mydomain.dom is pleased to meet you\r\n250-DSN\r\n250-SIZE 31457280\r\n250-STARTTLS\r\n250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n
>> 15:05:17.191 5 SMTPI-593379(mail.yourdomain.dom) inp: STARTTLS
>> 15:05:17.191 5 SMTPI-593379(mail.yourdomain.dom) out: 220 please start a TLS connection\r\n
>> 15:05:17.211 5 SMTPI-593379 TLS inp(157): 16 03 01 00 98 01 00 00 94 03 01 25 36 4E BE 2F B4 5E 90 07 A8 96 50 B6 3E F7 C1 98 6F 01 23 4B E3 FF 4E 96 C2 EA 78 79 FD 14 B8 00 00 26 C0 14 C0 0A C0 0F C0 05 00 39 C0 13 C0 09 C0 0E C0 04 00 33 C0 12 C0 08 C0 0D C0 03 00 16 00 35 00 2F 00 0A 00 FF 01 00
>> 15:05:17.211 4 SMTPI-593379 TLSvX h-inp (148): client_hello
>> 15:05:17.211 5 SMTPI-593379 unknown TLS client extension 0xF (1)
>> 15:05:17.411 5 SMTPI-593379 TLS out<21> (2): 02 2F
>> 15:05:17.411 5 SMTPI-593379 handshaker released
>> 15:05:17.411 3 SMTPI-593379(mail.yourdomain.dom) failed to accept a secure connection for DOMAIN(mydomain.dom). Error Code=none of client TLS cipher methods is supported
>> 15:05:17.411 5 SMTPI-593379 TLS out<21> (2): 02 0A
>> 15:05:17.411 5 SMTPI-593379 TLS released
>> 15:05:17.411 4 SMTPI-593379(mail.yourdomain.dom) closing connection
>> 15:05:17.411 4 SMTPI-593379(mail.yourdomain.dom) releasing stream
>
>
>> What else to enable / disable?
>
>
>> Marcel
>
>
>> +---
>> mailto:mhochuli@a-f.ch
>> otherto:noway@a-f.ch
>> _______________________________________
>
>
>
>>> On 25.04.2016 at 16:20, Technical Support <support@stalker.com> wrote:
>
>>> Hello,
>
>>> On 2016-04-21 21:34, Kurt Albershardt wrote:
>>>> I'm getting these in the logs from a couple of providers and can't find
>>>> any references to the string online:
>
>>>> ....failed to accept a secure connection for DOMAIN(nv.net). Error
>>>> Code=SSLv2 hello is not supported
>
>>> For this one enable "Accept SSLv2 'hello'" in WebAdmin -> Settings -> General -> Other -> TLS Sessions.
>
>>> --
>>> Best regards,
>>> Dmitry Akindinov
>
>>> =======================================================================
>>> When answering to letters sent to you by the tech.support staff, make
>>> sure the original message you have received is included into your
>>> reply.
>
>
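An added example, not part of the thread and not CommuniGate Pro code: the Python below decodes the ClientHello bytes from the `TLS inp(157)` log line quoted above and lists the cipher suites the sending MTA offered. The function names are chosen here for illustration, and the suite names are the IANA registry names. It shows why the "CBC Ciphers for old TLS" setting decided the outcome: the client speaks TLS 1.0 and offers only CBC-mode suites.

```python
# Added example: decode the ClientHello from the "TLS inp(157)" log line.
# Hex copied from the log above; the log prints only the first 86 of 157 bytes,
# which is enough to reach the cipher suite list (extensions are cut off).
LOGGED_HEX = (
    "16 03 01 00 98 01 00 00 94 03 01 25 36 4E BE 2F B4 5E 90 07 A8 96 50 B6 3E F7 C1 "
    "98 6F 01 23 4B E3 FF 4E 96 C2 EA 78 79 FD 14 B8 00 00 26 C0 14 C0 0A C0 0F C0 05 "
    "00 39 C0 13 C0 09 C0 0E C0 04 00 33 C0 12 C0 08 C0 0D C0 03 00 16 00 35 00 2F "
    "00 0A 00 FF 01 00"
)

# RFC 4492 ECC suites 0xC001..0xC014: four key exchanges times five ciphers.
KX = ("ECDH_ECDSA", "ECDHE_ECDSA", "ECDH_RSA", "ECDHE_RSA")
ENC = ("NULL", "RC4_128", "3DES_EDE_CBC", "AES_128_CBC", "AES_256_CBC")
SUITES = {0xC001 + 5 * k + c: f"TLS_{kx}_WITH_{enc}_SHA"
          for k, kx in enumerate(KX) for c, enc in enumerate(ENC)}
SUITES.update({
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA", 0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
})
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(hex_dump):
    """Return (client_version, [suite ids]) from a possibly truncated record dump."""
    data = bytes.fromhex(hex_dump)
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    version = int.from_bytes(data[9:11], "big")
    pos = 11 + 32                      # skip the 32-byte client random
    pos += 1 + data[pos]               # skip the length-prefixed session_id
    n = int.from_bytes(data[pos:pos + 2], "big")
    body = data[pos + 2:pos + 2 + n]
    if n == 0 or len(body) != n or n % 2:
        raise ValueError("cipher suite list is truncated or malformed")
    ids = [int.from_bytes(body[i:i + 2], "big") for i in range(0, n, 2)]
    return VERSIONS.get(version, hex(version)), ids

def summarize(hex_dump):
    version, ids = parse_client_hello(hex_dump)
    names = [SUITES.get(i, f"unknown 0x{i:04X}") for i in ids]
    real = [n for n in names if not n.endswith("_SCSV")]  # SCSV is a signal, not a cipher
    return {"version": version, "suites": names,
            "all_cbc": all("_CBC_" in n for n in real)}

if __name__ == "__main__":
    info = summarize(LOGGED_HEX)
    print(info["version"], "- all offered ciphers are CBC:", info["all_cbc"])
    for name in info["suites"]:
        print("  ", name)
```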
