
Inbound mail gets "Deferred: 403 4.7.0 TLS handshake failed."

Discussion in 'E-mail Discussion' started by thepossum, Feb 23, 2018.

  1. thepossum

    thepossum Member

    I've installed a brand new cPanel server onto a CloudLinux machine. Inbound email is failing due to TLS.

    Remote end says:

    220-cpanel.domain ESMTP Exim 4.89_1 #1 Fri, 23 Feb 2018 10:00:51 -0500
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    >>> EHLO machine.domain
    250-cpanel.domain Hello machine.domain [ip.ip.ip.ip]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-STARTTLS
    250 HELP
    >>> STARTTLS
    220 TLS go ahead
    name@clientdomain... Deferred: 403 4.7.0 TLS handshake failed.
    Closing connection to clientdomain.

    Local cPanel exim_mainlog says:

    2018-02-23 10:00:31 SMTP connection from [ip.ip.ip.ip]:50917 (TCP/IP connection count = 2)
    2018-02-23 10:00:51 TLS error on connection from machine.domain [ip.ip.ip.ip]:50917 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    2018-02-23 10:00:51 TLS client disconnected cleanly (rejected our certificate?)
    2018-02-23 10:00:51 SMTP connection from machine.domain [ip.ip.ip.ip]:50917 closed by EOF
     
  2. thepossum

    thepossum Member

    Solved:

    SOLVED - Unable to send emails properly

    As for the email, your clients might be trying to access your server using
    an older connection type -- TLS1 or TLS1.1. These 2 options were enabled by
    default in versions prior to 68.

    For an immediate fix, you can turn the security of your email server down to
    the old defaults by going to WHM >> Service Configuration >> Exim Service
    Manager and searching for the "Options for OpenSSL" parameter.

    Setting this option to " +no_sslv2 +no_sslv3 " will give you older, less
    secure v66 defaults.
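
Added example (not part of the original posts and not cPanel code): before relaxing "Options for OpenSSL" for every sender, it helps to see which peers are actually failing the handshake and why. This sketch parses `TLS error on connection` lines in the exim_mainlog format quoted above and groups them by peer; the sample log lines, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the exim_mainlog format quoted above; host names and
# addresses (documentation ranges) are made up, not taken from the thread.
SAMPLE_LOG = """\
2018-02-23 10:00:31 SMTP connection from [192.0.2.10]:50917 (TCP/IP connection count = 2)
2018-02-23 10:00:51 TLS error on connection from mx1.example.net [192.0.2.10]:50917 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2018-02-23 10:00:51 TLS client disconnected cleanly (rejected our certificate?)
2018-02-23 10:04:12 TLS error on connection from mx1.example.net [192.0.2.10]:50991 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2018-02-23 10:09:40 TLS error on connection from [198.51.100.7]:41822 (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
2018-02-23 10:11:02 SMTP connection from mx1.example.net [192.0.2.10]:51020 closed by EOF
"""

# "TLS error on connection from [host ][ip][:port] (call): detail"
TLS_ERROR = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) TLS error on connection from "
    r"(?:(?P<host>[^\[]+?) )?\[(?P<ip>[^\]]+)\](?::\d+)? "
    r"\((?P<call>[^)]+)\): (?P<detail>.*)$"
)

def summarize_tls_errors(log_text):
    """Group TLS handshake errors by peer IP: host names, reasons, last seen."""
    peers = defaultdict(lambda: {"hosts": set(), "reasons": Counter(), "last": None})
    for line in log_text.splitlines():
        m = TLS_ERROR.match(line)
        if not m:
            continue  # not a TLS error line
        # OpenSSL detail is error:CODE:library:function:reason; keep the reason.
        reason = m["detail"].rsplit(":", 1)[-1].strip()
        entry = peers[m["ip"]]
        if m["host"]:
            entry["hosts"].add(m["host"])
        entry["reasons"][reason] += 1
        entry["last"] = m["ts"]
    return dict(peers)

def report(log_text):
    """One line per failing peer, most frequent first."""
    peers = summarize_tls_errors(log_text)
    ranked = sorted(peers.items(), key=lambda kv: -sum(kv[1]["reasons"].values()))
    return [
        "{} ({}) last={} {}".format(
            ip, ",".join(sorted(e["hosts"])) or "no host name logged",
            e["last"], dict(e["reasons"]))
        for ip, e in ranked
    ]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```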
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I'm glad to see you were able to determine the cause of the issue. Thank you for sharing the outcome.
     