Axigen v 10.3 TLS issue

Support General Configuration
1

We were getting TLS errors in logs,

Unable to perform STARTTLS

Because of this, emails are not going out for some domains,

Current TLS settings,

image
image691×308 7.18 KB

I was following below mentioned guide, but whenever I tried to add cipher and certificate file it gives me an error, the site can not be reached.

Cipher : ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Certtificate : axigen_cert.pem

https://www.axigen.com/knowledgebase/How-to-configure-the-TLS-settings-for-SMTP-incoming-and-outgoing-in-Axigen-iX-9-0-and-X-10-0-for-compatibility-with-older-mail-servers_342.html

Is there is any way to add this using SSH?

2

Please use the cipher mentioned in below link:
https://www.axigen.com/documentation/a-grade-ssl-listeners-p3277035

3

Hi,

still same issue, when trying to add these values its givng me below mentioned error,

image

4

@indreias need your input…

5

Hello,

First of all you have to login into the WebAdmin interface.

If this action fails (even in an incognito browser tab or after you have restarted Axigen service) than we need to resolve this issue first.

If the WebAdmin interface is working and you could login than navigate to Security & Filtering > Acceptance & Routing > Routing basic settings > Outgoing delivery settings
In this section:

  • enable TLS1.0
  • use the following Cipher suite: ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
  • save configuration

Note: all of the above are mentioned in the Configure the outgoing TLS settings for compatibility section of the KB you have referred

HTH,
Ioan

6

same issue, page break

for now i added a custom rule to resolved my issue for a particular domain,

  • navigate into the Webadmin interface to Security & Filtering -> Acceptance & Routing -> Advanced Settings

  • click the ‘Add Acceptance / Routing Rule’ button

  • write a suggestive name for the rule

  • in the Conditions section add the following two conditions:

select -> Recipient -> Domain -> add the condition -> select ‘Is’ from the combo box -> write Name_of_the_domain in the combo box

select -> Delivery -> Relaying mail -> add the condition

  • select at the top of the ‘Conditions’ section ‘For incoming messages that match’ -> ‘ALL of the conditions below’ (instead of the default ANY)

  • in the Actions section select Settings -> Allow StartTLS -> add the action. Do not tick the check-box next to ‘Allow StartTLS’

  • save the rule