What happened?

Hi,

From the message queue, we found many failed emails with a common error: "TLS error from 'extmx.eyou.com': Handshake failed: received fatal alert: HandshakeFailure". The domain names (extmx.eyou.com) are different, but the rest of the error message is the same.

We have set STARTTLS to optional and it works most of the time. How can we make it work for all email servers?

Thanks
Jeff

How can we reproduce the problem?

I can reproduce the problem by doing the following steps:

Version: v0.9.x

What database are you using? RocksDB

What blob storage are you using? RocksDB

Where is your directory located? Internal

What operating system are you using? Docker

Relevant log output

received fatal alert: HandshakeFailure", elapsed = 636ms
Connecting to remote server (delivery.connect) queueId = 195073613995485124, from = "[email protected]", size = 1167, count = 1, domain = "sapo.pt", hostname = "mx.ptmail.sapo.pt", localIp = 0.0.0.0, remoteIp = 212.55.154.36, remotePort = 25, elapsed = 194ms
TLSA record not found (dane.tlsa-record-not-found) queueId = 195073613995485124, from = "[email protected]", size = 1167, count = 1, domain = "sapo.pt", hostname = "mx.ptmail.sapo.pt", strict = false, elapsed = 163ms
Sat, 07 Sep 2024 07:56:48
Error fetching MTA-STS policy (mta-sts.policy-fetch-error) queueId = 195073613995485124, from = "[email protected]", size = 1167, count = 1, domain = "sapo.pt", causedBy = Invalid DNS record type (mail-auth.dns-invalid-record-type), strict = false, elapsed = 155ms
Sat, 07 Sep 2024 07:56:47
Error fetching TLS-RPT record (tls-rpt.record-fetch-error) queueId = 195073613995485124, from = "[email protected]", size = 1167, count = 1, domain = "sapo.pt", causedBy = Invalid DNS record type (mail-auth.dns-invalid-record-type), elapsed = 156ms
Sat, 07 Sep 2024 07:56:47
New delivery attempt for domain (delivery.domain-delivery-start) queueId = 195073613995485124, from = "[email protected]", size = 1167, count = 1, domain = "sapo.pt", count = 56
Replies: 1 comment 2 replies
Hi,

All those servers that Stalwart can't successfully connect to over TLS are using insecure cipher suites which are not and will not be supported by rustls (the TLS library used by Stalwart). You need to contact the remote server's administrator so they upgrade their systems or disable TLS for these hosts.
That is possible, see this https://stalw.art/docs/smtp/outbound/tls/#handling-tls-errors
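
To know which hosts a per-host TLS exception would have to cover, the failing MX hosts can be pulled out of the logs and matched to recipient domains. The script below is an added example, not part of the thread or of Stalwart's code; it assumes the error text and `key = value` log layout quoted in the question, and the sample lines and `.example` hosts are constructed.

```python
import re
from collections import defaultdict

# Error text in the shape quoted in the question.
TLS_ERR = re.compile(r"TLS error from '([^']+)': Handshake failed: "
                     r"received fatal alert: (\w+)")
# key = value pairs as they appear in the log lines on this page.
FIELD = re.compile(r'(\w+) = (?:"([^"]*)"|([^,\s]+))')
# Event id in parentheses, e.g. (delivery.connect).
EVENT = re.compile(r"\(([\w.-]+)\)")

def parse_fields(line):
    """Return the key/value fields of one log line (last value wins)."""
    return {k: quoted if quoted else bare
            for k, quoted, bare in FIELD.findall(line)}

def failing_hosts(log_text, alerts=("HandshakeFailure",)):
    """Map recipient domain -> {MX host: failure count} for the given alerts."""
    mx_domain = {}            # MX hostname -> recipient domain (from connect events)
    hits = defaultdict(int)   # MX hostname -> matching TLS failures seen
    for line in log_text.splitlines():
        event = EVENT.search(line)
        if event and event.group(1) == "delivery.connect":
            f = parse_fields(line)
            if "hostname" in f and "domain" in f:
                mx_domain[f["hostname"]] = f["domain"]
        for host, alert in TLS_ERR.findall(line):
            if alert in alerts:
                hits[host] += 1
    report = defaultdict(dict)
    for host, n in hits.items():
        # Hosts never seen in a connect event are grouped separately.
        report[mx_domain.get(host, "(unknown domain)")][host] = n
    return dict(report)

# Constructed sample input; only the message shapes come from the question.
SAMPLE = '''\
Connecting to remote server (delivery.connect) queueId = 2, domain = "legacy.example", hostname = "mx1.legacy.example", remotePort = 25, elapsed = 90ms
TLS error from 'mx1.legacy.example': Handshake failed: received fatal alert: HandshakeFailure
TLS error from 'extmx.eyou.com': Handshake failed: received fatal alert: HandshakeFailure
TLS error from 'extmx.eyou.com': Handshake failed: received fatal alert: HandshakeFailure
TLS error from 'mx.other.example': Handshake failed: received fatal alert: ProtocolVersion
'''

if __name__ == "__main__":
    for domain, hosts in sorted(failing_hosts(SAMPLE).items()):
        for host, n in sorted(hosts.items()):
            print(f"{domain}\t{host}\t{n} handshake failure(s)")
```

Reviewing the resulting list before adding exceptions keeps the TLS downgrade limited to the hosts that actually reject the handshake.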