Exim not all emails coming through

[Machine-Aumix]

one client is having some issues with some providers like booking.com
hes not getting any emails from them and getting the following error
TLS error on connection from mailout-202-r6.booking.com [37.10.30.7] (SSL_accept): ret 5
i added the following to exim.conf hoping to get more results from log file to understand what exactly is the issue
log_selector = \
+tls_certificate_verified \
+tls_cipher \
+tls_peerdn \
+tls_sni \
but error is still the same, i checked all dns records + tls on mail server and all is correct, this issue is only happening with like 1-4 emails such as booking.com
any advice how to solve this ?

 

[Richard G]

any advice how to solve this ?

Do you have a valid FQDN hostname and a ssl certificate for it?

 

[Machine-Aumix]

yes i do

 

[sparek]

What TLS protocols are you accepting?

What ciphers are you accepting?

Run the command:

cat /etc/exim.variables.conf | grep -E "^openssl_options|^tls_require_ciphers"

To show this information.

 

[Machine-Aumix]

openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 +cipher_server_preference
tls_require_ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-AES256-GCM-SHA384HE-RSA-AES128-GCM-SHA256

 

[johannes]

try
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:!RC4:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP

 

[Machine-Aumix]

sorry for late reply, and no it didn't work
it is weird that this issue only happening from few emails

 

[Richard G]

Several people are having this, also on cPanel and no solution.
Which is the reason some of us thing the issue is rather on booking.com's site then with cPanel or Directadmin's Exim configuration.