STARTTLS available Verdict: Test error. Please try again later.
-
Hi,
On internet.nl it is possible to test mail server configs. However since some months, STARTTLS is nog longer being tested correctly.
Error:
Technical details error from internet.nl
Mail server (MX) STARTTLS
mail.leverland.it. not testableSame goes for Mdaemon.com. (*bad score btw) https://internet.nl/mail/mdaemon.com/1067620/
Is there some log which i,m able to view to see if somethings wrong with my config ?
Mdaemon V23.5.0 ( fully up to date)
Settings
Enabled SSL, STARTTLS and STLS
Enabled SMTP server sends mail using STARTTLS when possible
SMTP server requires STARTTLS on MSA Port
Certificate is valid.
-
Arron Staff
I don't see any details on internet.nl that explains why they consider it untestable. I ran the test against our server and found this in the log:
Wed 2023-11-15 15:05:38.418: [05103535] <-- STARTTLS
Wed 2023-11-15 15:05:38.418: [05103535] --> 220 2.7.0 Ready to start TLS
Wed 2023-11-15 15:05:38.663: [05103535] SSL negotiation successful (TLS 1.2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
Wed 2023-11-15 15:05:39.129: [05103535] Connection closed
Wed 2023-11-15 15:05:39.129: [05103535] SMTP session terminated (Bytes in/out: 406/3454)So they are connecting and negotiating the TLS session.
I'd reccomend contacting internnet.nl to find out why they consider it untestable.
-
I,ve already contacted them. Normally it,s quitte a good tool and especially for tuning your secure mailserver, however at this moment something is wrong with testeing STARTTSL. I,ll keep you updated if I get a valid answer/solution.
-
Hi Arron,
Got a answer of one of the people involved.
mxsasha commented 19 hours agoThe most common cause by far is rate limiting, which we are especially likely to trigger as we will set up some invalid TLS connections.
https://github.com/internetstandards/Internet.nl/issues/1183
Is there something we can do at server level to prevent rate limiting ?
-
Arron Staff
I checked our logs and can't find any instance where MDaemon blocked a connection from their IP. Do your MDaemon logs show that connecctions are being blocked from their IP?
You'll want to check the inbound SMTP, Dynscrn, and system log for connections being rejected from their IP. If your server is blocking the connections, then please post a log snippet that shows us what is happening. Based on the log snippet and the error being returned we should be able to figure out which settings are causing it.