
do not try TLS with smtp.isp.com ???

Posted: Fri Sep 21, 2007 2:40 am
by kjakkanen
Hi,

The Scalix server is relaying outgoing emails through the ISP's SMTP (because of spam filters not trusting our server, or so I recall - this wasn't set up by myself).

For each mail sent, we get two lines such as below in /var/log/maillog:
...
Sep 21 09:25:20 mailserver sendmail[27115]: ruleset=try_tls, arg1=smtp.isp.com, relay=smtp.isp.com, reject=550 5.7.1 <recipient.name@domain.com>... do not try TLS with smtp.isp.com [xxx.xxx.xxx.xxx]

Sep 21 09:25:20 mail1 sendmail[27115]: l8L6PKKN027107: to=<recipient.name@domain.com>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=121082, relay=smtp.isp.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (Ok: queued as A18EA526775)
....

It first tries with TLS but cannot connect ("Do not try TLS with xyz..."), then falls back to not using it and the mail gets queued OK.

I'm not happy that the server has to do double the work for each sent email, and it makes the logs more confusing too.

In both /etc/mail/submit.cf and /etc/mail/sendmail.cf I find the following lines:
...
Stry_tls
SRelayTLS
...

But I am not confident enough to mess with them unless I know for sure they are safe to be used to bypass this problem without breaking anything.

I also noticed that the file /etc/mail/access has the line:
...
Try_TLS:smtp.isp.com NO
...

This looks like an attempt to prevent the TLS, but apparently it doesn't work?

Any help appreciated, as always! :)

BR;
Kimmo
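
The two maillog lines quoted above share one sendmail PID (27115), so they can be paired per process. As an added example that is not part of the original post, this Python sketch counts, per relay, how many try_tls rejections were logged and how many deliveries followed one in the same process; the sample log is constructed from the quoted lines, and the function names and the mx.example.net line are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the two lines quoted in the post plus one made-up
# delivery to a relay with no try_tls line (mx.example.net is invented).
SAMPLE_LOG = """\
Sep 21 09:25:20 mailserver sendmail[27115]: ruleset=try_tls, arg1=smtp.isp.com, relay=smtp.isp.com, reject=550 5.7.1 <recipient.name@domain.com>... do not try TLS with smtp.isp.com [xxx.xxx.xxx.xxx]
Sep 21 09:25:20 mail1 sendmail[27115]: l8L6PKKN027107: to=<recipient.name@domain.com>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=121082, relay=smtp.isp.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (Ok: queued as A18EA526775)
Sep 21 09:26:02 mail1 sendmail[27140]: l8L6Q1KN027139: to=<other.name@domain.com>, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120500, relay=mx.example.net. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (Ok: queued as B29FB637886)
"""

# Key on the sendmail PID, not the syslog hostname (the quoted lines differ there).
PREFIX = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\ssendmail\[(?P<pid>\d+)\]:\s(?P<body>.*)$")
TRY_TLS = re.compile(r"ruleset=try_tls,.*?\brelay=(?P<relay>[^,\s]+),\s*reject=")
DELIVERY = re.compile(r"\bto=<.*?\brelay=(?P<relay>[^,\s]+).*?\bstat=(?P<stat>\w+)")


def norm(host):
    """Delivery lines write the relay with a trailing dot; try_tls lines do not."""
    return host.rstrip(".").lower()


def summarize(log_text):
    """Per relay: try_tls rejections, deliveries, and deliveries that followed
    a try_tls rejection logged by the same sendmail process."""
    declined = {}  # pid -> relay named in the most recent try_tls rejection
    report = defaultdict(lambda: {"try_tls_declined": 0, "sent": 0, "sent_after_decline": 0})
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        pid, body = m["pid"], m["body"]
        t = TRY_TLS.search(body)
        if t:
            declined[pid] = norm(t["relay"])
            report[declined[pid]]["try_tls_declined"] += 1
            continue
        d = DELIVERY.search(body)
        if d and d["stat"] == "Sent":
            relay = norm(d["relay"])
            report[relay]["sent"] += 1
            # pop: PIDs are reused over time, so one rejection pairs with one delivery
            if declined.pop(pid, None) == relay:
                report[relay]["sent_after_decline"] += 1
    return {relay: dict(counts) for relay, counts in report.items()}


if __name__ == "__main__":
    for relay, counts in summarize(SAMPLE_LOG).items():
        print(relay, counts)
```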