Wednesday , January 23 2019

NDR from Gmail to Exchange Servers –TLS Negotiation failed

Only Gmail to Exchange was throwing NDR –

TLS Negotiation failed: generic::failed_precondition: starttls error (0): protocol error

We were using IMSVA – Interscan Messaging Security Virtual Appliance for Anti-Spam

Went to http://checktls.com/

Verified TLS is ok – if not please fix them

Note : most of them wont have a Valid cert on the SMPT level , please ignore if you get the the cert error . as it’s a wild card cert applied in this environment everything says OK

image

 

Solution –

Raising a Ticket with Trend Micro They gave a Patch –

Some message digest algorithms are not supported during TLS communication in IMSVA 9.0.
This hot fix upgrades the OpenSSL version in IMSVA 9.0 to enable it to support these message digest algorithms.

Applied the Hotfix –  IMSVA 9.0.0.1510

image

Administration – End User Quarantine – Redistribute – Refreshed all the services

image

Now Gmail to Exchange servers Mail flow is normal !

 

NDR Information on Gmail – –

This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipient has been delayed:
Test@careexchange.in
Message will be retried for 2 more day(s)
Technical details of temporary failure:
TLS Negotiation failed: generic::failed_precondition: starttls error (0): protocol error
—– Original message —–
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=Xq6cM0BHS/l8MJ4WYJNApvWzwZ/O8qe78VP1gy/BoaU=;
        b=vYdhhQdLa16iWPEvnjxOj0BrgSx7JM039VGxvfSwbC42tvV+62gtxeZjFA05+fXlux
         +bC3Qa5OsvqliBLGKwTwgsP8Pa+MAJoQwO22lOisXKWdqr2WEhN03kcmFwRNcCl5cvby
         E178c/OpEqBHSJdm/dsdfsdfsdgsdwesdf/nkIb6
         fMCz5aGx4QzqsLtdn5ThfEVL+ggAuczJ0TkI5kLJVK7LwFOc3OEejFBIDZX2t5nHx8jz
         gIKiPwODAVTwSyhVS55pYjSJ/jqS8HFwRWFamWB/osZzXYfZpUdVqKejOSDg5CDBpQsp
         3bBA==
MIME-Version: 1.0
X-Received: by 10.13.130.239 with SMTP id m78m435337939ioi.18.14467543592436;
Thu, 05 Nov 2015 00:08:12 -0800 (PST)
Received: by 10.33.33.149 with HTTP; Thu, 5 Nov 2015 00:08:12 -0800 (PST)
Date: Thu, 5 Nov 2015 12:08:12 +0400
Message-ID: <CAHHVjUV=VVrtJR4_QUic5ks95L363563mBb5YGRp_bPbRA@mail.gmail.com>
Subject: T1
From: Sam <test@gmail.com>
To: Administrator <test@careexchange.in>
Content-Type: multipart/alternative; boundary=001a113f000cd65650523c6a040

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Exchange Server MVP , Publisher of CareExchange.in
Supporting/Deploying/Designing Microsoft Exchange for some years.
Extensive experience on Microsoft Technologies.

Check Also

Windows Server 2016 Activation via Phone

Install Product Key Create Installation ID – Split the digits like 3765111 1729914 6850651 4457015 ...

One comment

  1. Hi satheshwaran

    i have facing this problem after changing ISP , i am using antispam Agent
    when enabling IP Block list Provider cannot able to receive emails.

    thanks

Leave a Reply

Your email address will not be published.