?: Tom Rymes trymes@rymes.com <CGatePro@mail.stalker.com>
??: Re: TLS Issues since installing 6.1.17
??: Tue, 29 Aug 2017 13:14:38 -0400
?: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Now that I have posted to the list, I found this message from 2013. Can anyone confirm whether this is still recommended practice? I frankly am not sure what this setting is even controlling and what the downsides to disabling it might be:



On 08/29/2017 12:58 PM, Tom Rymes trymes@rymes.com wrote:

I have had two messages that I sent to myself from a gmail account bounce back due to a TLS issue since upgrading to 6.1.17 recently. The error I receive in the bounce notice is:

"Diagnostic-Code: smtp; TLS Negotiation failed: generic::failed_precondition: starttls error (0): protocol error"

I have also noticed a lot of these entries in the logs:
"00:03:19.492 3 SMTPI-012109(mail-pg0-f73.google.com) failed to accept a secure connection for DOMAIN(rymes.com). Error Code=wrong issuer for client TLS certificate"

Here is the entire transcript of that connection:

00:04:51.812 4 SMTPI-012119([]:35366) []:25 <- []:35366 incoming connection(rymes.com)
00:05:11.986 5 SMTPI-012119([]:35366) out: 220 rymes.com ESMTP CommuniGate Pro 6.1.17\r\n
00:05:12.023 5 SMTPI-012119([]:35366) inp: EHLO mail-io0-f179.google.com
00:05:12.024 5 SMTPI-012119(mail-io0-f179.google.com) out: 250-rymes.com is pleased to meet you\r\n250-DSN\r\n250-SIZE\r\n250-STARTTLS\r\n250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n
00:05:12.062 5 SMTPI-012119(mail-io0-f179.google.com) inp: STARTTLS
00:05:12.062 5 SMTPI-012119(mail-io0-f179.google.com) out: 220 please start a TLS connection\r\n
00:05:13.000 2 TLS-016266 created(TLSv1.2,ECDHE_AES128_SHA) for SMTPI-012119
00:05:13.385 2 TLS-016266 closed by SMTPI-012119
00:05:13.385 3 SMTPI-012119(mail-io0-f179.google.com) failed to accept a secure connection for DOMAIN(rymes.com). Error Code=wrong issuer for client TLS certificate
00:05:13.385 4 SMTPI-012119(mail-io0-f179.google.com) closing connection
00:05:13.385 4 SMTPI-012119(mail-io0-f179.google.com) releasing stream

Has anyone else seen this, and how should I proceed?


??(FEED) ??(DIGEST) ??(INDEX) ??? ?? Listmaster