Incoming TLS problems
Posted on 2014-02-28
I've got a bit of an odd problem with TLS email.
It works from some senders, but not others.
From one of the senders that's not working, I get EHLO, STARTTLS, STARTTLS, MAIL, RCPT then QUIT. No DATA. It just quits out.
The only NDR I've had sent to me showed a 4.4.2 error from Postfix. "Lost connection while sending MAIL FROM".
Other servers use TLS with no issues, and a check of the received mail's headers shows that the session was over a secure channel, so TLS is presumably working correctly there. Outbound TLS seems unaffected. (We have two SMTP connectors on each server - one with specified domains that supports TLS and one without for the rest.)
My workaround has been to disable TLS every few hours for a short while to let retried mails in without TLS - this is definitely NOT a preferred solution! :)
The thing that's odd - it's affecting two SMTP servers (both Exchange 2003) in different offices. I could accept one server having a bad day or two, but two at the same time?
And it was working normally until recently! :s
The certificates have been renewed (they weren't too far away from expiry anyway) and CheckTLS.com and MXToolbox.com don't flag any problems when TLS is enabled. They didn't show any problems beforehand, either. There have been no significant changes to either SMTP server. Certainly nothing that would affect SMTP and TLS.
Diagnostics Logging for Exchange Transport is on maximum, but gives me nothing about these problems.
Has anyone seen a similar problem to this? Is it possible it's an ISP issue? The one thing both servers have in common is they're both on the same ISP.
Any help or insight would be welcome.
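To see which senders show the pattern described in the post (STARTTLS negotiated, MAIL sent, then QUIT with no DATA), the inbound SMTP protocol log can be grouped by client and classified by verb sequence. This is an added example, not part of the original post; it assumes a W3C extended log with the `c-ip` and `cs-method` fields enabled and at most one open session per client IP, and the sample log and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample (not from the post); client IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method
2014-02-28 09:00:01 192.0.2.10 EHLO
2014-02-28 09:00:01 192.0.2.10 STARTTLS
2014-02-28 09:00:02 192.0.2.10 STARTTLS
2014-02-28 09:00:02 198.51.100.7 EHLO
2014-02-28 09:00:02 192.0.2.10 MAIL
2014-02-28 09:00:03 198.51.100.7 STARTTLS
2014-02-28 09:00:03 192.0.2.10 RCPT
2014-02-28 09:00:03 192.0.2.10 QUIT
2014-02-28 09:00:04 198.51.100.7 MAIL
2014-02-28 09:00:05 198.51.100.7 RCPT
2014-02-28 09:00:05 198.51.100.7 DATA
2014-02-28 09:00:06 198.51.100.7 QUIT
"""

def sessions(log_text):
    """Yield (client_ip, [verbs]); a session ends at QUIT or at end of log."""
    fields, open_sessions = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
        elif fields and line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            ip, verb = row.get("c-ip"), row.get("cs-method", "").upper()
            if ip and verb:
                open_sessions[ip].append(verb)
                if verb == "QUIT":
                    yield ip, open_sessions.pop(ip)
    yield from open_sessions.items()  # sessions with no QUIT logged

def classify(verbs):
    """Label one session by whether TLS was requested and DATA was reached."""
    tls = "STARTTLS" in verbs
    if "DATA" in verbs:
        return "delivered-tls" if tls else "delivered-plain"
    if tls and "MAIL" in verbs:
        return "tls-abandoned-before-data"  # the sequence reported in the post
    return "other"

def summarize(log_text):
    counts = defaultdict(Counter)
    for ip, verbs in sessions(log_text):
        counts[ip][classify(verbs)] += 1
    return {ip: dict(c) for ip, c in counts.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Clients that only ever appear under `tls-abandoned-before-data` are the ones to compare against the working senders, for example by sending software or network path.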