
Delivery via TLS not working

Jason Meyer
Level 1

Getting the following error:

(DCID 14390733) Message 31196742 to     address@domain.com     delayed. Reason:  4.1.0 - Unknown address error ('454', ['4.7.0 Failed to establish appropriate  TLS channel: UntrustedRoot: Access Denied']) [(\'from\', \'"e-mail address\'), (\'to\', \'e-mail address\\'), (\'subject\', \'11:22\')]

Any thoughts?

3 Replies

Martin Eppler
Cisco Employee

Hello Jason,

Have you installed a valid SSL/TLS certificate as a delivery_cert (if you use AsyncOS 7.1 and above)? It seems that the destination mail server cannot verify the certificate you present (either it is self-signed or the Root CA you're using is unknown to the destination mail server).

Thanks and regards,

Martin

Hey Martin,

We are currently running AsyncOS 7.5 and do have a valid SSL/TLS certificate. The one caveat is that it is a wildcard certificate. Is it possible that this one domain doesn't accept wildcard certificates?

I currently have outbound e-mail delivery mail flow policies set to preferred TLS and am currently seeing about 60% of the connections making a successful TLS connection.

Thanks for sharing your thoughts, it is much appreciated!

Jason

Hello Jason,

It's hard to determine which policy triggers on the destination mail server here, so getting in touch with the postmaster from the receiving domain may be the best approach. Possibly they struggle with verifying the certificate due to the Root CA not being installed on their end.

Thanks and regards,

Martin
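
Added example, not part of the thread and not Cisco tooling: with outbound TLS set to preferred and only some destinations failing, a small parser over delay lines shaped like the one quoted in the question shows which receiving domains refuse the TLS channel and with what reason. The sample lines, IDs and addresses are constructed, and the regular expressions assume the line format quoted in the question.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the log line quoted in the question;
# DCIDs, message IDs and addresses are made up for illustration.
SAMPLE_LOG = """\
(DCID 1001) Message 2001 to alice@example.org delayed. Reason: 4.1.0 - Unknown address error ('454', ['4.7.0 Failed to establish appropriate TLS channel: UntrustedRoot: Access Denied'])
(DCID 1002) Message 2002 to bob@example.org delayed. Reason:  4.1.0 - Unknown address error ('454', ['4.7.0 Failed to establish appropriate  TLS channel: UntrustedRoot: Access Denied'])
(DCID 1003) Message 2003 to carol@example.net delayed. Reason: 4.1.0 - Unknown address error ('451', ['4.3.0 Temporary lookup failure'])
(DCID 1004) Message 2004 to dave@example.com delivered.
"""

# Assumed line shape (taken from the quoted line): recipient, the remote
# SMTP reply code, its enhanced status code and the reply text.
DELAY_RE = re.compile(
    r"\(DCID (?P<dcid>\d+)\) Message (?P<mid>\d+) to\s+(?P<rcpt>\S+)\s+delayed\."
    r".*?\('(?P<code>\d{3})', \['(?P<enh>\d\.\d+\.\d+) (?P<text>[^']*)'\]\)"
)
# "... TLS channel: <Reason>: <detail>" as in the quoted 454 reply.
TLS_RE = re.compile(r"TLS\s+channel:\s*(?P<reason>\w+)")


def parse_delay(line):
    """Return a dict for a 'delayed' line, or None for any other line."""
    m = DELAY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["domain"] = rec["rcpt"].rsplit("@", 1)[-1].lower()
    tls = TLS_RE.search(rec["text"])
    rec["tls_reason"] = tls.group("reason") if tls else None
    return rec


def tls_failures_by_domain(log_text):
    """Map destination domain -> {tls_reason: count} for TLS-related delays."""
    out = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_delay(line)
        if rec and rec["tls_reason"]:
            out[rec["domain"]][rec["tls_reason"]] += 1
    return {d: dict(r) for d, r in out.items()}


if __name__ == "__main__":
    for domain, reasons in tls_failures_by_domain(SAMPLE_LOG).items():
        print(domain, reasons)
```

A domain that shows up here with only `UntrustedRoot` is the one whose postmaster to contact about the CA chain, as suggested in the reply above.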
