Some emails not coming in 'Your connection must be encrypted.'

divinelighting

Verified User
Joined
Mar 17, 2008
Messages
108
I think I've got my secrity settings too high. An email from amazon to me bounced with this error

Action: failed
Status: 5.0.0 (permanent failure)
Remote-MTA: dns; [199.116.112.6]
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'Your connection must be encrypted.' (delivery attempts: 0)

Possible culprits: require TLS; use self-authenticated server certificate

If the former, where do I disable require TLS?

Thanks!
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Where did you see this error? If Amazon got this error when they sent you an email, then you must be requiring port 25 submissions be encrypted. Which makes no sense, becuse then all incoming email would fail.

More information needed.

Jeff
 

divinelighting

Verified User
Joined
Mar 17, 2008
Messages
108
I did not get an email from amazon. I'm am viewing the error through their merchant web interface.

I'm definitely getting email from some sources. Not sure how many aren't getting through.
 

divinelighting

Verified User
Joined
Mar 17, 2008
Messages
108
Here is the header from another email a customer tried to send that bounced. Any ideas on how to remove the requirement for encryption?

ID: <12090113-9432-0000-0000-000000AC3F11>
Mail From:
Rcpt To:
Server: [mail.divinelighting.com.]


[<02>] The reason of the delivery failure was:

550 Your connection must be encrypted.
 

divinelighting

Verified User
Joined
Mar 17, 2008
Messages
108
Found a solution. Hope it was the correct solution and not a security risk.


Found this in exim.conf

# Prevents unencrypted mail submission.
accept encrypted = *
drop message = Your connection must be encrypted.
log_message = Connection from \
[$sender_host_address]($authenticated_id) was \
not encrypted.
# Change End

Changed to

# Prevents unencrypted mail submission.
accept encrypted = *
# drop message = Your connection must be encrypted.
# log_message = Connection from \
# [$sender_host_address]($authenticated_id) was \
# not encrypted.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
FYI, this is spamblocker's exim.conf. Will this be overwritten with updates?
It's not in any of the current versions either on my website or on the DirectAdmin website. From where did you get this version? What's the version number?

If you can't find the version number, then please post the top 20 lines of the file.

Thanks.

Jeff
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Nevertheless, I don't believe any versions of SpamBlocker ever released by me have ever had that text, so the question still remains where did you get it?

It shouldn't have been in any version of exim.conf ever distributed by DirectAdmin, and it's not in the distributed file you say you're using, look here.

Where did you get that file? Who made that change?

Hopefully you have good version control on all changes you make on your working server(s). It's important.

Jeff
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Thanks for the clarification. I've added a post to the thread, asking the original poster to clarify where it came from. Hopefully he'll respond, but if not I can edit the post with a warning. Please notify me by posting here again if the original poster to that thread hasn't replied within a week.

Jeff
 
Top