SSL error

Jun 22, 2017

Matt wrote

I am getting this error in my logs for an email address we are having trouble sending to. Any suggestions on what is going on here would be great. The admin on the recieving end sees no connection at all replaced the domain.

22/6/2017 15:23:35.748 - [SMTP MX (1291)] - MX Failed to connect to any MX servers (domain.com) - Uninitialised
22/6/2017 15:23:57.243 - [SMTP Server(SMTP Server) - 19106] SMTP Server - Abort
22/6/2017 15:27:51.565 - [SMTP Server(SMTP Server) - 19112] SMTP Server - Abort
22/6/2017 15:28:37.117 - [SMTP MX (1294)] - SSL Connect failed - 1 2
22/6/2017 15:28:37.117 - [SMTP MX (1294)] - SSL Error Queue - 336122170
22/6/2017 15:28:37.117 - [SMTP MX (1294)] - SSL Not Initialised
22/6/2017 15:28:37.117 - [SMTP MX (1294)] - Smtp send - failed
22/6/2017 15:28:37.461 - [SMTP MX (1294)] - SSL Connect failed - 1 2
22/6/2017 15:28:37.461 - [SMTP MX (1294)] - SSL Error Queue - 336122170
22/6/2017 15:28:37.461 - [SMTP MX (1294)] - SSL Not Initialised
22/6/2017 15:28:37.461 - [SMTP MX (1294)] - Smtp send - failed
22/6/2017 15:28:37.586 - [SMTP MX (1294)] - MX Failed to connect to any MX servers (domain.com) - Uninitialised
22/6/2017 15:29:54.801 - [SMTP MX (1295)] - SSL Connect failed - 1 2
22/6/2017 15:29:54.801 - [SMTP MX (1295)] - SSL Error Queue - 336122170
22/6/2017 15:29:54.801 - [SMTP MX (1295)] - SSL Not Initialised
22/6/2017 15:29:54.801 - [SMTP MX (1295)] - Smtp send - failed
22/6/2017 15:29:54.942 - [SMTP MX (1296)] - SSL Connect failed - 1 2
22/6/2017 15:29:54.942 - [SMTP MX (1296)] - SSL Error Queue - 336122170
22/6/2017 15:29:54.942 - [SMTP MX (1296)] - SSL Not Initialised
22/6/2017 15:29:54.942 - [SMTP MX (1296)] - Smtp send - failed
22/6/2017 15:29:55.114 - [SMTP MX (1295)] - SSL Connect failed - 1 2
22/6/2017 15:29:55.114 - [SMTP MX (1295)] - SSL Error Queue - 336122170
22/6/2017 15:29:55.114 - [SMTP MX (1295)] - SSL Not Initialised
22/6/2017 15:29:55.114 - [SMTP MX (1295)] - Smtp send - failed
22/6/2017 15:29:55.239 - [SMTP MX (1295)] - MX Failed to connect to any MX servers (domain.com) - Uninitialised
22/6/2017 15:29:55.270 - [SMTP MX (1296)] - SSL Connect failed - 1 2
22/6/2017 15:29:55.270 - [SMTP MX (1296)] - SSL Error Queue - 336122170
22/6/2017 15:29:55.270 - [SMTP MX (1296)] - SSL Not Initialised
22/6/2017 15:29:55.270 - [SMTP MX (1296)] - Smtp send - failed

1 Answer

Jun 26, 2017

Paul Smith agent wrote

Hi Matt,

> I am getting this error in my logs for an email address we are having trouble sending to. Any suggestions on what is going on here would be great. The admin on the recieving end sees no connection at all
> replaced the domain.

> 22/6/2017 15:23:35.748 - [SMTP MX (1291)] - MX Failed to connect to any MX servers (domain.com) - Uninitialised
> 22/6/2017 15:28:37.117 - [SMTP MX (1294)] - SSL Connect failed - 1 2
> 22/6/2017 15:28:37.117 - [SMTP MX (1294)] - SSL Error Queue - 336122170
> 22/6/2017 15:28:37.117 - [SMTP MX (1294)] - SSL Not Initialised

This error means that the SSL encryption negotiation with the remote mail server failed. Unfortunate that means that most of what I'm going to write next is a bit technical, because encryption is.

The code 336122170 means "Error:1408D13A:SSL routines:SSL3_GET_KEY_EXCHANGE:unable to find ecdh parameters".

That means that VPOP3 and the remote mail server cannot negotiate ECDH (Elliptic Curve Diffie Hellman) parameters that both VPOP3 and the remote server are happy with. Usually that means that the remote server has a bad ECDH configuration because the sending part of VPOP3 has no requirements for what type of ECDH parameters are used and will accept whatever the server provides.

If the remote server configuration can't be fixed, then you would need to write a custom Lua script for VPOP3 to tell VPOP3 not use use SSL encryption when communicating with that remote server. You would need to write a 'ServerDetails' function in the mxout.lua script - see here for details: https://wiki.pscs.co.uk/reference:lua_smtp_mx_control

Regards

Paul

---
To reply to this message, just reply to this email.