
TLS connect failed error from qmail

PersianC

Guest
I receive this message in response to sending email using qmail to many email addresses.

I read that this comes from a TLS problem on the remote server and not my server ( http://kb.odin.com/article_22_1035_en.html )

But when I check the remote server with telnet, it has 250-STARTTLS, so how can this be from the remote server when telnet returns the correct result!?

error message:
Hi. This is the qmail-send program at server1.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<info@domain.com>:
TLS connect failed; connected to x.y.z.z.
I'm not going to try again; this message has been in the queue too long.


server information:
Debian Lenny, Plesk 9.3
 
Are you sure that SMTPS port 465 is started and not firewalled on your server?
 
There is no SMTPS service in service management in Plesk, but the port is open in APF.
 
Did you check the possibility of connecting to port 465 with telnet, for example?
 
Thank you for the reply.

I just turned off APF and checked it.
Here it is:

root@server1:/# telnet [myip] 465
Trying [myip]...
Connected to [myip].
Escape character is '^]'.
ehlo

I waited for 1 minute and then sent quit; here is the result:

quit
454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)
Connection closed by foreign host.
 
But maybe the problem is in the destination mail server? Did you check it as described in the KB article?
 
I have a similar problem. Although everything works on 25 (starttls), it does not work on port 465 and I get the same error: 454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)
 
help!

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 proton-m01.sarbc.ru ESMTP
ehlo
250-proton-m01.sarbc.ru
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
STARTTLS
220 ready for tls


454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)



openssl s_client -starttls smtp -showcerts -connect localhost:25
CONNECTED(00000003)
22598:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
22598:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1293:
22598:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:208:Type=ASN1_PRINTABLE
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=value, Type=X509_NAME_ENTRY
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=issuer, Type=X509_CINF
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=cert_info, Type=X509
22598:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:923:


What to do?
 
I used to have that problem, but at some point I switched to postfix, and now even port 465 works correctly. My guess is that when I switched, new binaries without the problem were installed.
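
Added example, not part of any post above: a Python triage helper for the two kinds of OpenSSL error output quoted in this thread, showing which side of the connection raised each one. It assumes the pre-3.0 OpenSSL packed error-code layout; `parse_errors` and `triage` are names chosen here, and the sample input is a subset of the lines posted above.

```python
import re

# Constructed sample: error lines copied from the posts in this thread.
QMAIL_454 = ("454 TLS connection failed: error:140760FC:SSL routines:"
             "SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)")
S_CLIENT = """\
22598:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=value, Type=X509_NAME_ENTRY
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=issuer, Type=X509_CINF
22598:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=cert_info, Type=X509
22598:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:923:
"""

def parse_errors(text):
    """Parse OpenSSL error lines; unpack the code as 8-bit lib, 12-bit func, 12-bit reason."""
    out = []
    for line in text.splitlines():
        idx = line.find("error:")
        parts = line[idx:].split(":") if idx >= 0 else []
        if len(parts) < 5 or not re.fullmatch(r"[0-9A-Fa-f]{8}", parts[1]):
            continue
        code = int(parts[1], 16)
        out.append({
            "lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF,
            "func_name": parts[3],
            "reason_text": re.sub(r"\s*\(#[\d.]+\)\s*$", "", parts[4]),
            "data": parts[7] if len(parts) > 7 else "",  # e.g. "Field=issuer, Type=X509_CINF"
        })
    return out

def triage(text):
    """Say which side raised the error and at which handshake step."""
    errs = parse_errors(text)
    funcs = {e["func_name"] for e in errs}
    if any(f.endswith("GET_CLIENT_HELLO") for f in funcs):
        # Raised by the TLS server: the first bytes it read were not a ClientHello.
        return "server: peer did not send a TLS ClientHello"
    if "SSL3_GET_SERVER_CERTIFICATE" in funcs:
        # Raised by the TLS client while decoding the certificate the server sent.
        # The queue prints innermost first, so reverse it to get the outer-to-inner path.
        fields = [e["data"].split(",")[0].split("=", 1)[1]
                  for e in errs if e["data"].startswith("Field=")]
        return "client: cannot decode server certificate at " + " > ".join(reversed(fields))
    return "unclassified"

if __name__ == "__main__":
    print(triage(QMAIL_454))
    print(triage(S_CLIENT))
```

The first result is what a TLS listener reports when it is sent plaintext, such as commands typed into telnet; the second points at the certificate the server presents rather than at the port or the firewall.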
 