Wednesday , October 23 2019

NDR from Gmail to Exchange Servers –TLS Negotiation failed

Only Gmail to Exchange was throwing NDR –

TLS Negotiation failed: generic::failed_precondition: starttls error (0): protocol error

We were using IMSVA – Interscan Messaging Security Virtual Appliance for Anti-Spam

Went to http://checktls.com/

Verified TLS is ok – if not please fix them

Note : most of them wont have a Valid cert on the SMPT level , please ignore if you get the the cert error . as it’s a wild card cert applied in this environment everything says OK

image

 

Solution –

Raising a Ticket with Trend Micro They gave a Patch –

Some message digest algorithms are not supported during TLS communication in IMSVA 9.0.
This hot fix upgrades the OpenSSL version in IMSVA 9.0 to enable it to support these message digest algorithms.

Applied the Hotfix –  IMSVA 9.0.0.1510

image

Administration – End User Quarantine – Redistribute – Refreshed all the services

image

Now Gmail to Exchange servers Mail flow is normal !

 

NDR Information on Gmail – –

This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipient has been delayed:
Test@careexchange.in
Message will be retried for 2 more day(s)
Technical details of temporary failure:
TLS Negotiation failed: generic::failed_precondition: starttls error (0): protocol error
—– Original message —–
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=Xq6cM0BHS/l8MJ4WYJNApvWzwZ/O8qe78VP1gy/BoaU=;
        b=vYdhhQdLa16iWPEvnjxOj0BrgSx7JM039VGxvfSwbC42tvV+62gtxeZjFA05+fXlux
         +bC3Qa5OsvqliBLGKwTwgsP8Pa+MAJoQwO22lOisXKWdqr2WEhN03kcmFwRNcCl5cvby
         E178c/OpEqBHSJdm/dsdfsdfsdgsdwesdf/nkIb6
         fMCz5aGx4QzqsLtdn5ThfEVL+ggAuczJ0TkI5kLJVK7LwFOc3OEejFBIDZX2t5nHx8jz
         gIKiPwODAVTwSyhVS55pYjSJ/jqS8HFwRWFamWB/osZzXYfZpUdVqKejOSDg5CDBpQsp
         3bBA==
MIME-Version: 1.0
X-Received: by 10.13.130.239 with SMTP id m78m435337939ioi.18.14467543592436;
Thu, 05 Nov 2015 00:08:12 -0800 (PST)
Received: by 10.33.33.149 with HTTP; Thu, 5 Nov 2015 00:08:12 -0800 (PST)
Date: Thu, 5 Nov 2015 12:08:12 +0400
Message-ID: <CAHHVjUV=VVrtJR4_QUic5ks95L363563mBb5YGRp_bPbRA@mail.gmail.com>
Subject: T1
From: Sam <test@gmail.com>
To: Administrator <test@careexchange.in>
Content-Type: multipart/alternative; boundary=001a113f000cd65650523c6a040

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Office Server and Services MVP , Publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization , Sathesh is an Messaging Expert supporting/Designing/Deploying many medium size businesses to large enterprises when it comes to Corporate messaging and Virtualization Infrastructure

Check Also

Save Public IPs using F5 LTM Policies

F5 has different modules and one of them is LTM – Local Traffic Manager . ...

One comment

  1. Hi satheshwaran

    i have facing this problem after changing ISP , i am using antispam Agent
    when enabling IP Block list Provider cannot able to receive emails.

    thanks

Leave a Reply

Your email address will not be published.