We were getting TLS errors in logs,
Unable to perform STARTTLS
Because of this, emails are not going out for some domains,
Current TLS settings,
I was following below mentioned guide, but whenever I tried to add cipher and certificate file it gives me an error, the site can not be reached.
Cipher : ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Certtificate : axigen_cert.pem
https://www.axigen.com/knowledgebase/How-to-configure-the-TLS-settings-for-SMTP-incoming-and-outgoing-in-Axigen-iX-9-0-and-X-10-0-for-compatibility-with-older-mail-servers_342.html
Is there is any way to add this using SSH?
Hi,
still same issue, when trying to add these values its givng me below mentioned error,
@indreias need your input…
Hello,
First of all you have to login into the WebAdmin interface.
If this action fails (even in an incognito browser tab or after you have restarted Axigen service) than we need to resolve this issue first.
If the WebAdmin interface is working and you could login than navigate to Security & Filtering > Acceptance & Routing > Routing basic settings > Outgoing delivery settings
In this section:
- enable TLS1.0
- use the following Cipher suite:
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
- save configuration
Note: all of the above are mentioned in the Configure the outgoing TLS settings for compatibility section of the KB you have referred
HTH,
Ioan
same issue, page break
for now i added a custom rule to resolved my issue for a particular domain,
-
navigate into the Webadmin interface to Security & Filtering -> Acceptance & Routing -> Advanced Settings
-
click the ‘Add Acceptance / Routing Rule’ button
-
write a suggestive name for the rule
-
in the Conditions section add the following two conditions:
select -> Recipient -> Domain -> add the condition -> select ‘Is’ from the combo box -> write Name_of_the_domain in the combo box
select -> Delivery -> Relaying mail -> add the condition
-
select at the top of the ‘Conditions’ section ‘For incoming messages that match’ -> ‘ALL of the conditions below’ (instead of the default ANY)
-
in the Actions section select Settings -> Allow StartTLS -> add the action. Do not tick the check-box next to ‘Allow StartTLS’
-
save the rule