joemarkgraf's profile

New problem solver

 • 

10 Messages

Monday, April 27th, 2015 11:00 PM

Sendmail Error: stat=Deferred: 403 4.7.0 TLS handshake failed.

Hi All,

 

Was wondering if anyone could help me with an issue I'm having setting up sendmail in Linux. What I'd like to do is be able to send emails from my home to my outlook.com personal email address. I've set up sendmail the best that I could but am seeing the following error come up when I try to send an email to the SMTP server using my Comcast business credentials:

 

 stat=Deferred: 403 4.7.0 TLS handshake failed.

 

I have installed a cert that I've signed using my own self-signed CA... I hope I don't need to get a commercial SSL cert to be able to send emails to myself. Can anyone shed some light on what I need to go look for? I'm fairly technically adept but I'm lost when it comes to email 🙂 Please let me know if I can provide more useful information.

 

Test Mail Output:

joe@torrent:/usr/local/share/ca-certificates$ echo "Subject: test" | /usr/lib/sendmail -v markgraf@outlook.com
markgraf@outlook.com... Connecting to [127.0.0.1] via relay...
220 torrent.markgraf.us ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Mon, 27 Apr 2015 23:09:58 -0700; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]
>>> EHLO torrent.markgraf.us
250-torrent.markgraf.us Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO torrent.markgraf.us
250-torrent.markgraf.us Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From: SIZE=14 AUTH=joe@torrent.markgraf.us
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
050 ... Connecting to smtp.w14d.comcast.net. port 587 via relay...
050 220 businessclass.comcast.net ESMTP mail service ready
050 >>> EHLO torrent.markgraf.us
050 250-omta02.potomac.co.businessclass.comcast.net hello [96.89.136.105], pleased to meet you
050 250-HELP
050 250-AUTH LOGIN PLAIN
050 250-SIZE 30000000
050 250-ENHANCEDSTATUSCODES
050 250-8BITMIME
050 250-STARTTLS
050 250 OK
050 >>> STARTTLS
050 220 Go ahead
050 ... Deferred: 403 4.7.0 TLS handshake failed.
250 2.0.0 t3S69wIn004992 Message accepted for delivery
markgraf@outlook.com... Sent (t3S69wIn004992 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 torrent.markgraf.us closing connection

Syslog Entries:

Apr 27 23:08:41 torrent sendmail[2487]: t3S68fKo002487: from=joe, size=14, class=0, nrcpts=1, msgid=<201504280608.t3S68fKo002487@torrent.markgraf.us>, relay=joe@localhost

Apr 27 23:08:41 torrent sm-mta[2488]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Apr 27 23:08:41 torrent sendmail[2487]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Apr 27 23:08:41 torrent sm-mta[2488]: t3S68fpm002488: from=, size=306, class=0, nrcpts=1, msgid=<201504280608.t3S68fKo002487@torrent.markgraf.us>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Apr 27 23:08:41 torrent sm-mta[2488]: STARTTLS=client, error: connect failed=0, SSL_error=5, errno=0, retry=-1
Apr 27 23:08:41 torrent sm-mta[2488]: ruleset=tls_server, arg1=SOFTWARE, relay=smtp.w14d.comcast.net, reject=403 4.7.0 TLS handshake failed.
Apr 27 23:08:41 torrent sm-mta[2488]: t3S68fpm002488: to=, ctladdr= (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30306, relay=smtp.w14d.comcast.net. [76.96.107.76], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.

Accepted Solution

New problem solver

 • 

10 Messages

9 years ago

Hi Comcast_john,

 

As the log above indicates, the authentication wouldn't happen until TLS is established. I do however have my Comcast business credentials in the auth portion of sendmail config. Bottom line is that the SMTP server doesn't like the TLS handshake from Linux. Don't know why and there is no indication from my end why the connection is terminated other than it's the handshake. I am going to assume that it's an issue with self-signed certs but that is just a guess.

 

The solution that is now working for me is to disable TLS for sendmail. Less secure but it works. Wish I knew why TLS bombs out on the SMTP server's side.

 

For anyone that this might help: add this line to your /etc/mail/access config file to disable TLS:

 

Try_TLS: NO

 

Thanks! 
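Added example, not part of the original posts: with `Try_TLS: NO` in place, the relay session, including the AUTH LOGIN/PLAIN exchange the relay advertises in the transcript above, is no longer encrypted, so it is worth checking in the mail log which deliveries went out without TLS. The Python script below classifies sendmail deliveries by correlating `STARTTLS=client` lines with delivery lines from the same process; the log lines are constructed, modeled on the syslog excerpt in the question, and the function names and verdict labels are this example's own.

```python
import re

# Constructed sample modeled on the syslog in the question: a failed handshake,
# a delivery after "Try_TLS: NO", and a delivery after a completed handshake.
SAMPLE_LOG = """\
Apr 27 23:08:41 torrent sm-mta[2488]: STARTTLS=client, error: connect failed=0, SSL_error=5, errno=0, retry=-1
Apr 27 23:08:41 torrent sm-mta[2488]: t3S68fpm002488: to=<user@example.com>, mailer=relay, relay=smtp.w14d.comcast.net. [76.96.107.76], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
Apr 28 09:00:02 torrent sm-mta[3101]: t3SG00aa003101: to=<user@example.com>, mailer=relay, relay=smtp.w14d.comcast.net. [76.96.107.76], dsn=2.0.0, stat=Sent (ok)
Apr 28 09:05:10 torrent sm-mta[3150]: STARTTLS=client, relay=smtp.w14d.comcast.net., version=TLSv1.2, verify=FAIL, cipher=AES256-GCM-SHA384, bits=256/256
Apr 28 09:05:11 torrent sm-mta[3150]: t3SG05bb003150: to=<user@example.com>, mailer=relay, relay=smtp.w14d.comcast.net. [76.96.107.76], dsn=2.0.0, stat=Sent (ok)
"""

LINE = re.compile(r"(?P<proc>\S+\[\d+\]): (?P<body>.*)$")
FIELD = re.compile(r"(\w+)=([^,]*)")

def host(relay):
    """First token of a relay= value, lower-cased, without the trailing dot."""
    return relay.split()[0].rstrip(".").lower() if relay.strip() else ""

def classify_deliveries(log_text):
    """Return [(relay, verdict)] for every delivery attempt in log_text."""
    tls_ok = set()  # (process, relay) pairs that completed a client handshake
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        proc, body = m.group("proc"), m.group("body")
        fields = dict(FIELD.findall(body))
        # A completed handshake logs the negotiated cipher; an error line does not.
        if body.startswith("STARTTLS=client") and "cipher" in fields:
            tls_ok.add((proc, host(fields.get("relay", ""))))
        elif "to" in fields and "stat" in fields:
            relay, stat = host(fields.get("relay", "")), fields["stat"]
            if "TLS handshake failed" in stat:
                verdict = "deferred-tls-failure"
            elif not stat.startswith("Sent"):
                verdict = "other"
            elif (proc, relay) in tls_ok:
                verdict = "sent-encrypted"
            else:
                verdict = "sent-cleartext"
            results.append((relay, verdict))
    return results
```

A `sent-encrypted` verdict only means a handshake completed; the `verify=` field on the same `STARTTLS=client` line says whether the peer certificate was validated.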

Advocate

 • 

1.4K Messages

9 years ago

Hello joemarkgraf and welcome,

 

If you are trying to set up a Comcast Business Class Portal (BCP) email account within your Linux environment, you first need to log into your BCP email account, preferably within the administrator's email account, then under Manage Services.Email, click on the View DNS Settings link. This will display all the WEB and/or Exchange email incoming (POP)/ outgoing (SMTP) addresses that will be required to configure any other email application. This is predominately directed at Microsoft Outlook, but I know other mail application customers who have been successful in using these. So, you might want to at least try to see if this works for your Linux environment.

 

Hope this helps you out.   

New problem solver

 • 

10 Messages

9 years ago

Hi VBSSP-RICH,

 

I am connecting to smtp.w14d.comcast.net. port 587 as required in my DNS Settings page.

 

I can establish the connection but it's terminated when the TLS handshake occurs. As posted above, my logs don't indicate any reason or cause of the handshake failure.

 

Do you know how I would contact someone who has access to the exchange side of the logs?

 

Thanks!

Advocate

 • 

1.4K Messages

9 years ago

Your smtp.w14d.comcast.net. port 587 (or port 465) outgoing requires SSL encrypted connection handshaking not TLS.

Advocate

 • 

1.9K Messages

9 years ago

Hi joemarkgraf. Can you verify that you are authenticating with your comcastbiz.net email address or an email address associated with a valid Comcast hosted domain?

 

Thank You