TLS currently unavailable

[Luana Premoli]

Hi,

I have a server that does not receive Gmail messages.

The error returned in the gmail account is:

===========================================

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

     [email protected]

Message will be retried for 0 more day(s)

Technical details of temporary failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain example.com by mail.example.com. [108.179.xxx.xx].

The error that the other server returned was:
454 TLS currently unavailable


----- Original message -----

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:from:date:message-id:subject:to;
        bh=IdIvgCNZtijiYn742fQ8C2LMYqrkz/dXJ3+oaYXeU2M=;
        b=wIz8P/ho7a+KE+TmU+yX/PpQuwI3ffYBWnyBLYV8oT5bRWyBmHqwF5pyTCclo6n
         GRRKtbgI0uUdFoTu5urdomCIkG+rEsV7lmgIdsSqqcgr0fjgZfQau+a7WmMU96YHxeM7
         hZkv0WZem4V5QPZUhdvpYypQcLZ55r7n2DvjXnYynXqnS980G9tNRpjwd0fRQDYF7
         kt8xJ0PHv8k/3O1GvgBAorqFfaji+uwTt4ILq9h7ZP5z8tWMMaC3q5awOWyAeLHtEjX9
         UNIc221aMehfsgqTjAHXHtjTKseu/OaYOjNCeUFLt5j5DXOeeRN0WCjZXs90pbMkm4E5
         W9rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=IdIvgCNZtijiYn742fQ8C2LMYqrkz/dXJ3+oaYXeU2M=;
        b=WsgJwn+CwveicfP25b8tBt3+bPMxStTJwIbRtJrVrrIuw/t3S9xDbYlcfZrE01+f+b
         NbU/T2mICYDqSU45pqjScp7kJbWQhtNgNHmwcrnDnovRxTxKnp2SgjdTogi7n5f
         Dcda3u2acwSS4goU0alOngubQBe1MqqBYmnOKwMMxIRVKXiz1yvuKQz6L8WxI
         tV4Zua9dWUjbRJbgqCZql8B0pjJCyrEJO3SBt4ZJOJmKJzC1/DlWbp8DX9QzENtBFmGY
         +vbtLqE4GpPg/CvIjGdaUgsfh4q4FG9EQiYRgsHiqXan9SE9O4ON/ygS4t0Y
         Z7og==
X-Gm-Message-State: AA6/9Rn+hrIaUv9Q6w6JyWfMBt4hiL9wC0VlWMvdm5xvkDc6sOgHCILFPG21dfBgoiMLd2yzNk3vXI7ow==


===========================================

By giving reset certificate in Exim (SMTP) Server by WHM » Home »ServiceConfiguration» Manage Service SSL Certificates, receipt of gmail is normalized, but after 24 hours the problem back.


Before making the "reset certificate", the log /var/log/exim_mainlog shows:

2016-10-03 12:14:18 TLS error on connection from nov-007-i612.relay.mailchannels.net [46.232.183.166]:14697 I=[108.179.194.38]:25 (SSL_CTX_use_certificate_chain_file file=/etc/exim.crt): error:0200100D:system library:fopen:Permission denied
2016-10-03 12:18:26 TLS error on connection from mail-yb0-f173.google.com [209.85.213.173]:34781 I=[108.179.194.38]:25 (SSL_CTX_use_certificate_chain_file file=/etc/exim.crt): error:0200100D:system library:fopen:Permission denied
2016-10-03 12:18:47 TLS error on connection from mail-io0-f179.google.com [209.85.223.179]:33181 I=[108.179.194.38]:25 (SSL_CTX_use_certificate_chain_file file=/etc/exim.crt): error:0200100D:system library:fopen:Permission denied

-----------------------------

[email protected] [~]# grep tls_advertise_hosts /etc/exim.conf
tls_advertise_hosts = *
[email protected] [~]#

[email protected] [~]# grep tls_certificate /etc/exim.conf
tls_certificate = ${if exists {/etc/mail_sni_map} {${extract{crtfile}{${lookup {$tls_sni} lsearch {/etc/mail_sni_map} {$value}}}{$value}{/etc/exim.crt}}} {/etc/exim.crt}}
[email protected] [~]#

-----------------------------

Anyone have any idea what can be?


Tks.

 

[cPanelMichael]

Hello,

Could you open a support ticket using the link in my signature so we can take a closer look and see what's happening? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[Luana Premoli]

Hi,

At this time it appears that the issue was due to a recent update which broke the symlink permissions for /var/cpanel/ssl/exim/.


From:

drwxr-xr-x 2 root root 4096 Aug 15 12:57 exim/

To:

drwxr-xr-x 2 mailnull mail 4096 Aug 15 12:57 exim/

Tks.