-----Original Message-----
From: Anand Buddhdev
Sent: Thursday, February 12, 2004 3:09 PM
There is probably an obvious fix for this, but I'm noticing that
emails to a particular domain are failing. I'm receiving
the following in the diagnostics output:
I0 P mail.sarc.org [207.215.13.60]
I0 S STARTTLS
I0 T smtp
I0 R 454 4.3.3 TLS not available

I checked to confirm that the *_TLS_REQUIRED option is NOT set in my
config files, except for esmtpd-msa (for secure access for clients
that log in remotely and relay). So what might be happening here?

The TLS_REQUIRED option refers to the esmtp *server* of courier. But
that's not your problem. Your problem is that the courier esmtp
*client* is seeing STARTTLS in the list of capabilities advertised by
the remote host, trying to use TLS, and failing because the remote
host doesn't actually support TLS despite advertising it. The remote
host is misconfigured.

... And is likely an MS Exchange server without its security
certificates properly installed.
There is a known bug with Exchange in that it will advertise
capabilities that it subsequently decides it can't fulfill.

You can override this in 2 ways:
1. Stop the esmtp client from trying TLS completely by
disabling it in the courierd control file.
2. Use the esmtproutes file to selectively disable TLS for
certain domains. Read the manual pages for details.
3. Persuading the other end that their server/certificates need attention.
Option 2 is probably the most efficient!
Malc.
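
An added example, not part of the original thread: a small Python check for the failure described above, where a host lists STARTTLS in its EHLO reply and then answers the STARTTLS command with 454. The function names and the sample replies are constructed for illustration; only smtplib calls from the standard library are used.

```python
import smtplib

def parse_reply(lines):
    """Return (code, texts) for one SMTP reply, e.g. ['250-a', '250 b']."""
    code, texts = None, []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"not an SMTP reply line: {line!r}")
        code = int(line[:3])
        texts.append(line[4:].strip())
    if code is None:
        raise ValueError("empty reply")
    return code, texts

def advertises_starttls(ehlo_lines):
    """True if a 250 EHLO reply lists STARTTLS (first line is the greeting)."""
    code, texts = parse_reply(ehlo_lines)
    return code == 250 and any(
        t.split()[0].upper() == "STARTTLS" for t in texts[1:] if t)

def verdict(offered, starttls_code):
    """Map 'was STARTTLS offered' and the STARTTLS reply code to a label."""
    if not offered:
        return "not-offered"
    if starttls_code == 220:
        return "usable"
    if starttls_code == 454:
        return "advertised-but-unavailable"  # the case in this thread
    return "refused"

def classify_transcript(ehlo_lines, starttls_lines):
    """Classify a captured session from its EHLO and STARTTLS replies."""
    return verdict(advertises_starttls(ehlo_lines),
                   parse_reply(starttls_lines)[0])

def probe(host, port=25, timeout=15):
    """Live check: EHLO, then STARTTLS, without starting the handshake."""
    s = smtplib.SMTP(host, port, timeout=timeout)
    try:
        s.ehlo()
        if not s.has_extn("starttls"):
            return verdict(False, None)
        code, _ = s.docmd("STARTTLS")
        return verdict(True, code)
    finally:
        s.close()  # drop the connection; no mail is sent
```

A result of "advertised-but-unavailable" from probe() identifies a domain that needs one of the overrides listed above; mail sent to it with TLS disabled travels in cleartext.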