SMTP Authentication Defaults

Hi,
Recently we are getting several errors on the sendmail system with this error:

Technical details of temporary failure:
TLS Negotiation failed: generic::failed_precondition: starttls error (0): protocol error

I have tried different settings on Nodeworx to tweak the SMTP Auth settings. What are the best working defaults to use with Nodeworx for the best compatibility?

Thanks

Hi hostpanda

I hope you're well

Please could I ask if this is on outbound from your server?

I ask because this issue may not be your issue, but that of the receiving server, if it is either set to strict or possibly having tls failure (does happen)

You can test by sending an email to yourself using tls from an email client - does it kick in the same error?

The default SSL settings for qmail/sendmail as set by Iw should be fine and work with most receiving servers, however, if you have tweaked the SSL qmail/sendmail, then it’s possible you have made your server too strict

This error is usually given when the 2 systems cannot settle on a tls cipher to use

I hope that helps, but sorry if I am wrong

Many thanks

John

Hi John
This error occurs when sending mail to the IE server. Could you please post the suggested default settings for SMTP authentication? I have messed with the settings so much I don’t recall the original settings.

Thanks again

Hi Hostpanda
Many thanks, and sorry, I was not in a position to find them but here they are. These are the default SSL
I hope that helps
Many thanks
John

tlsserverciphers
HIGH:MEDIUM:!EXPORT:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW
tlsclientciphers
HIGH:MEDIUM:!EDH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP
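
Added example, not part of the thread or of InterWorx: a Python check of whether two OpenSSL cipher strings share any suite, which is the "cannot settle on a tls cipher" condition described earlier. It expands the strings with the local OpenSSL build (an assumption: the mail servers' own OpenSSL may expand them differently); the function names and the "too strict" pair are constructed for illustration.

```python
import ssl

# Cipher strings quoted from the post above (tlsserverciphers / tlsclientciphers).
SERVER_DEFAULT = "HIGH:MEDIUM:!EXPORT:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW"
CLIENT_DEFAULT = "HIGH:MEDIUM:!EDH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP"


def expand(cipher_string):
    """Return the TLS <= 1.2 suite names the local OpenSSL selects for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL rejects a string that selects no suite at all.
        return set()
    # TLS 1.3 suites (names starting "TLS_") are not governed by this string,
    # so leave them out of the comparison.
    return {c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")}


def common_suites(server_string, client_string):
    """Suites both sides would offer; an empty set means no TLS <= 1.2 handshake can succeed."""
    return expand(server_string) & expand(client_string)


def report(label, server_string, client_string):
    """Print a short summary for one server/client pair and return the shared suites."""
    shared = common_suites(server_string, client_string)
    status = "OK" if shared else "NO COMMON CIPHER"
    print(f"{label}: {len(shared)} shared suite(s) [{status}]")
    for name in sorted(shared)[:5]:
        print("   ", name)
    return shared


if __name__ == "__main__":
    print("Local library:", ssl.OPENSSL_VERSION)
    report("stock strings", SERVER_DEFAULT, CLIENT_DEFAULT)
    # Constructed over-tightened pair: RSA key exchange only vs. ECDHE AES-GCM only.
    report("too strict", "kRSA+AES", "ECDHE+AESGCM")
```

An empty result for a pair of strings means a handshake limited to TLS 1.2 or older would fail with no shared cipher.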

Hi John

Thank you. Not sure where to change or check on those cipher settings. Sorry I was referring to the SMTP-Auth settings within the Nodeworx interface under mail server settings, MTA. There are drop down boxes for the Auth type and I’m not sure what to set those at for port 25 and port 587.

Thanks

Hi Hostpanda
Sorry, please see pic of a default MTA setup.
I would also make sure ports 25 and 587 are open in the firewall, and you can externally connect to it.
I would also probably restart the server, just in case there is something which is stopping it or needs clearing
I hope you do not mind, but I ran a test on your domain, hostpanda, thinking it might be the server, and your mx3 is showing as -m cannot connect to server - connection refused on IP ending .252, your mx1 and mx2 are testing fine, with StartTLS working
I hope that helps a little
Many thanks
John