MTA-STS failure for gmail.com: STARTTLS not supported

Parrish Reinoehl - 02:25pm, Jun 29 2020

I just upgraded a customer to MDaemon v20 this weekend. Today they are having issues with mail delivery failing. It appears to be primarily to gmail accounts. The error is 'MTA-STS failure for gmail.com: STARTTLS not supported'.
I assume this is due to the new MTA-STS implementation in version 20. I need to resolve this ASAP. At the very least I need to know how to disable MTA-STS on the MDaemon server side. I dug through all of the settings and found zero mention of MTA-STS anywhere.


Parrish Reinoehl - Jun 29, 2020 8:23 pm (#1 Total: 5)  

 

I believe I know what the root cause of this failure is. Since upgrading to version 20, STARTTLS no longer works. MDaemon shows that it's active and is using the correct certificate. STARTTLS was working correctly before the upgrade to version 20.

Edit: in looking at the old logs for the previous 19.5.5 install I can see that STARTTLS was not functioning there either. But mail would send, just without using TLS. So something is going on: the STARTTLS command never appears in the handshake at all. I've verified that the option for STARTTLS is enabled in MDaemon as well as verifying the ports are open and accessible through the firewall. The certificate being used is a Comodo cert, although I also tried a self-signed cert with the same results. Strange thing is if I telnet in to the server at port 465 (be it from an external connection or an internal connection) I can see it connects and the data is encrypted, as the telnet connection just goes to a blinking underscore. So TLS is running. Just something is going on that prevents the STARTTLS command from initiating.
Lastly, when I use tools like MXtoolbox and some other STARTTLS testing tools they all come back failing with TLS not being offered.

[Last Editor: Parrish Reinoehl, Jun 29, 2020 10:39 pm. Total Edits: 1]

Parrish Reinoehl - Jun 29, 2020 11:04 pm (#2 Total: 5)  

 

One more update. I read through the v20 release notes and found where the controls for MTA-STS (as well as REQUIRETLS) are. I disabled MTA-STS and email is now flowing again to gmail.
But I still need to resolve the issue with STARTTLS not being advertised. Any ideas with this? I do want to use TLS and MTA-STS (for obvious reasons).
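
Added example (not part of the original posts and not MDaemon's code): a sketch of the per-delivery decision an MTA-STS sender makes under RFC 8461, showing why a missing STARTTLS keyword in the EHLO reply fails delivery under an `enforce` policy while a sender without an enforced policy simply sends in the clear. The policy text, host names and EHLO replies are constructed, and certificate validation is left out.

```python
# Added example: constructed data, not MDaemon code or captured output.
POLICY_TEXT = ("version: STSv1\nmode: enforce\nmx: mx1.example.net\n"
               "mx: *.mail.example.net\nmax_age: 86400\n")
EHLO_WITH_TLS = "250-mx1.example.net hello\r\n250-SIZE 157286400\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mx1.example.net hello\r\n250-SIZE 157286400\r\n250 8BITMIME\r\n"

def parse_policy(text):
    """Parse the key/value body of an MTA-STS policy file (RFC 8461, section 3.2)."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid MTA-STS policy")
    return policy

def ehlo_keywords(response):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    for line in response.splitlines()[1:]:  # first line is the server greeting
        parts = line[4:].split()
        if line.startswith("250") and parts:
            keywords.add(parts[0].upper())
    return keywords

def mx_allowed(mx_host, patterns):
    """Match an MX host against policy patterns; '*.' covers exactly one label."""
    host = mx_host.lower().rstrip(".")
    for pattern in patterns:
        if pattern.startswith("*."):
            if "." in host and host.split(".", 1)[1] == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def delivery_decision(policy, mx_host, ehlo_response):
    """Return (action, problems) for one delivery attempt to one MX host."""
    problems = []
    if not mx_allowed(mx_host, policy["mx"]):
        problems.append("MX not listed in policy")
    if "STARTTLS" not in ehlo_keywords(ehlo_response):
        problems.append("STARTTLS not supported")
    if not problems:
        return "deliver-with-tls", problems
    return ("fail" if policy["mode"] == "enforce" else "deliver-anyway"), problems
```

The check runs on the EHLO reply as the sending server receives it, so the reply has to be read from the sending host's own network path on port 25; a connection to port 465 is implicit TLS and never reaches the STARTTLS step.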

Arron Caruth - Jun 30, 2020 7:10 am (#3 Total: 5)  


Can you post a log snippet of your server trying to send to gmail when MTA-STS was enabled and the session was failing?

Can you post a snippet of your server now that shows STARTTLS not being advertised?

In MDaemon, under Security / Security Manager / SSL & TLS / MDaemon, can you post a screenshot of the check boxes at the top so we can see which ones are currently enabled?

> I do want to use TLS and MTA-STS (for obvious reasons).

I highly recommend that we try to fix the issues you were seeing instead of simply disabling these features.

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server


 
 
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------
 
--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------



