[180467] in North American Network Operators' Group


Re: Verizon FiOS outbound mail TLS problem - Superpages people here?

daemon@ATHENA.MIT.EDU (Blake Hudson)
Thu Jun 4 12:46:26 2015

X-Original-To: nanog@nanog.org
Date: Thu, 04 Jun 2015 11:46:35 -0500
From: Blake Hudson <blake@ispn.net>
To: nanog@nanog.org
In-Reply-To: <22667917.183.1433434544723.JavaMail.root@benjamin.baylink.com>
Errors-To: nanog-bounces@nanog.org

I have no relation, but as a mail server operator I can say that I 
wouldn't be surprised if this is actually a TLS version mismatch or 
intolerance problem. I would suggest ensuring that both ends support TLS 
1.0, 1.1, and 1.2 and use version-tolerant TLS implementations. Next on 
the short list would be not having compatible ciphers between the two 
servers.

Either way, since the error was a 403 error, the expected behavior would 
be to queue and retry in plain text; sounds like a broken MTA 
implementation or misconfiguration if the sending servers do not revert 
to plain text.

--Blake

Jay Ashworth wrote on 6/4/2015 11:15 AM:
> Anyone on the list who does outbound delivery for Verizon (which I think
> is actually Superpages)?  A client has smart-hosted outbounds to *one*
> of his customers bouncing suddenly with
>
>    Deferred: 403 4.7.0 TLS handshake failed.
>
> *My* inclination is to think that a cert expired somewhere, but his non-tech
> contact there tells him that the tech people think things are ok.
>
> I'm trying to get a mailer log fragment from them.
>
> Cheers,
> -- jra
>
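
The version-mismatch check suggested in the reply above, as an added example that is not part of either message: it attempts STARTTLS against a receiving MTA once per TLS version and reports which versions complete a handshake. The names `probe_version` and `probe_all` and the EHLO name `probe.invalid` are assumptions made for illustration.

```python
import smtplib
import ssl

# The three versions the reply suggests both ends should support.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def probe_version(host, port, version, timeout=10):
    """Try STARTTLS pinned to one TLS version and return a short verdict."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Certificate checks are off on purpose: this isolates version and cipher
    # negotiation from certificate problems such as an expired cert.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version  # lower the floor first, then the ceiling
        ctx.maximum_version = version
    except ValueError:
        return "version not available in the local TLS library"
    smtp = None
    try:
        # "probe.invalid" is a placeholder EHLO name (assumption).
        smtp = smtplib.SMTP(host, port, "probe.invalid", timeout=timeout)
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "no STARTTLS offered"
        smtp.starttls(context=ctx)
        return f"ok: {smtp.sock.version()} {smtp.sock.cipher()[0]}"
    except ssl.SSLError as exc:
        # Also raised when local policy refuses a legacy version, so compare
        # with a run made from the sending MTA's own host.
        return f"handshake failed: {exc.reason or type(exc).__name__}"
    except (smtplib.SMTPException, OSError) as exc:
        return f"error: {type(exc).__name__}: {exc}"
    finally:
        if smtp is not None:
            smtp.close()

def probe_all(host, port=25):
    """Map each version label to its verdict for one receiving MTA."""
    return {label: probe_version(host, port, v) for label, v in VERSIONS.items()}

if __name__ == "__main__":
    import sys
    for label, verdict in probe_all(sys.argv[1]).items():
        print(f"{label}: {verdict}")
```

A handshake that fails on every version points at cipher overlap or the certificate path rather than version intolerance.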

