Inbound mail gets "Deferred: 403 4.7.0 TLS handshake failed."

thepossum

cPanel Access Level
Root Administrator
I've installed a brand new cPanel server onto a CloudLinux machine. Inbound email is failing due to TLS.

Remote end says:

220-cpanel.domain ESMTP Exim 4.89_1 #1 Fri, 23 Feb 2018 10:00:51 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
>>> EHLO machine.domain
250-cpanel.domain Hello machine.domain [ip.ip.ip.ip]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP
>>> STARTTLS
220 TLS go ahead
[email protected] Deferred: 403 4.7.0 TLS handshake failed.
Closing connection to clientdomain.

Local cPanel exim_mainlog says:

2018-02-23 10:00:31 SMTP connection from [ip.ip.ip.ip]:50917 (TCP/IP connection count = 2)
2018-02-23 10:00:51 TLS error on connection from machine.domain [ip.ip.ip.ip]:50917 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2018-02-23 10:00:51 TLS client disconnected cleanly (rejected our certificate?)
2018-02-23 10:00:51 SMTP connection from machine.domain [ip.ip.ip.ip]:50917 closed by EOF
 

thepossum

Solved:

SOLVED - Unable to send emails properly

As for the email, your clients might be trying to access your server using
an older connection type -- TLS1 or TLS1.1. These 2 options were enabled by
default in versions prior to 68.

For an immediate fix, you can turn the security of your email server down to
the old defaults by going to WHM >> Service Configuration >> Exim Service
Manager and searching for the "Options for OpenSSL" parameter.

Setting this option to " +no_sslv2 +no_sslv3 " will give you older, less
secure v66 defaults.
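
To see which sending hosts are actually affected before relaxing "Options for OpenSSL" for every client, the TLS failures in exim_mainlog can be grouped by peer and by OpenSSL reason string. This is an added example, not part of the original posts; the log sample is constructed (documentation-range addresses and a placeholder hostname) and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in exim_mainlog format. Addresses are documentation
# ranges and relay.example.net is a placeholder, not data from the thread.
SAMPLE_LOG = """\
2018-02-23 10:00:31 SMTP connection from [192.0.2.10]:50917 (TCP/IP connection count = 2)
2018-02-23 10:00:51 TLS error on connection from relay.example.net [192.0.2.10]:50917 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2018-02-23 10:00:51 TLS client disconnected cleanly (rejected our certificate?)
2018-02-23 10:04:12 TLS error on connection from relay.example.net [192.0.2.10]:50944 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2018-02-23 10:07:40 TLS error on connection from [198.51.100.7]:41022 (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
2018-02-23 10:09:02 SMTP connection from relay.example.net [192.0.2.10]:50950 closed by EOF
"""

# Matches "TLS error on connection from [host] [ip]:port ... (call): detail".
TLS_ERROR = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) TLS error on connection from "
    r"(?P<host>[^\[]*)\[(?P<ip>[^\]]+)\](?::\d+)?.*? "
    r"\((?P<call>\w+)\): (?P<detail>.*)$"
)

def summarize_tls_errors(log_text):
    """Group TLS handshake errors by remote IP: hostname, reason counts, last seen."""
    peers = defaultdict(lambda: {"host": "", "reasons": Counter(), "last": ""})
    for line in log_text.splitlines():
        m = TLS_ERROR.match(line)
        if not m:
            continue  # not a TLS error line (connection open/close, etc.)
        peer = peers[m["ip"]]
        peer["host"] = m["host"].strip() or peer["host"]
        # OpenSSL error strings end in ":<reason>"; keep only that last field.
        reason = m["detail"].rsplit(":", 1)[-1].strip()
        peer["reasons"][reason] += 1
        peer["last"] = m["ts"]
    return dict(peers)

def peers_with_reason(summary, reason):
    """Return the sorted IPs whose handshakes failed with the given reason."""
    return sorted(ip for ip, info in summary.items() if reason in info["reasons"])

if __name__ == "__main__":
    for ip, info in summarize_tls_errors(SAMPLE_LOG).items():
        print(ip, info["host"] or "-", dict(info["reasons"]), "last:", info["last"])
```

On a live server the same functions can be fed the contents of the exim_mainlog file in place of `SAMPLE_LOG`; a short list of failing peers makes it possible to contact those senders instead of leaving the weaker defaults in place indefinitely.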
 

cPanelMichael

Administrator
Staff member
Hello,

I'm glad to see you were able to determine the cause of the issue. Thank you for sharing the outcome.