Issue sending mail to Apple after upgrade to 10.5.12

wmeter · November 28, 2023, 7:57am

Hi,

When I try to send a mail to an @me.com address I get an error message that the other side refused my mail with this error:

5.5.1 Error: send HELO/EHLO first

I am confident that Axigen would normally be so nice to present itself with an HELO or an EHLO anyway, but something might be off re. the encryption changed linked to the OpenSSL upgrade ?

I did not yet notice it with other providers, only Apple so far.

florin.burada · November 28, 2023, 8:45am

Hello @wmeter

Can you provide me the Axigen logs of SMTP Sending (SMTP-OUT) session for this message to @me.com

Regards,
Florin

indreias · November 28, 2023, 8:47am

Hello Willem,

Don’t trust blindly the SMTP reject codes and reasons.

Please set log level to Protocol Communication for SMTP Sending service and check generated logs.

HTH,
Ioan

wmeter · November 28, 2023, 2:19pm

Hi @florin.burada and @indreias

2023-11-28 15:17:55 +0100 08 behemoth SMTP-OUT:00000007: Relay mail 26E746: connecting to 17.57.152.5:25
2023-11-28 15:17:55 +0100 08 behemoth SMTP-OUT:00000007: Relay mail 26E746: connected to 17.57.152.5:25
2023-11-28 15:17:55 +0100 02 behemoth SMTP-OUT:00000007: SSL error remote 17.57.152.5:25, SSL_connect:failed in SSLv3/TLS write client hello
2023-11-28 15:17:56 +0100 08 behemoth SMTP-OUT:00000007: Start sending mail 26E746
2023-11-28 15:17:56 +0100 08 behemoth SMTP-OUT:00000007: Release mail 26E746
2023-11-28 15:17:56 +0100 08 behemoth SMTP-OUT:00000007: Release mail 26E746
2023-11-28 15:17:59 +0100 08 behemoth SMTP-OUT:00000007: RCPT xxxxxx@me.com rejected with message: 5.5.1 Error: send HELO/EHLO first
2023-11-28 15:17:59 +0100 08 behemoth SMTP-OUT:00000007: No RCPT accepted for mail 26E746; aborting transaction
2023-11-28 15:17:59 +0100 08 behemoth SMTP-OUT:00000007: Set recipient xxxxxx@me.com state to RELAY ERROR
2023-11-28 15:17:59 +0100 08 behemoth SMTP-OUT:00000007: Delivery attempt completed for mail 26E746; schedule for cleanup
2023-11-28 15:17:59 +0100 08 behemoth SMTP-OUT:00000007: Set mail state to SENT
2023-11-28 15:17:59 +0100 08 behemoth SMTP-OUT:00000007: Disconnected from 17.57.152.5

When I move the logging level up to protocol I also get this:

2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: >> STARTTLS
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: << 220 2.0.0 Ready to start TLS
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: >> SSL: client hello, remote 17.42.251.62:25, session id aedae7c6c12c8770d365f2140e8e2d647181bdc1f9de09b45bf4f6c8eec3cbbf
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: >> SSL: client hello, remote 17.42.251.62:25, 31 cipher suites: 130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: >> SSL: client hello, remote 17.42.251.62:25, supported version TLS 1.3 (0304) TLS 1.2 (0303) TLS 1.1 (0302) TLS 1.0 (0301)
2023-11-28 15:45:26 +0100 02 behemoth SMTP-OUT:00000008: SSL error remote 17.42.251.62:25, SSL_connect:failed in SSLv3/TLS write client hello
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: << SSL: server hello, remote 17.42.251.62:25, version TLS 1.3 (0304)
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: << SSL: server hello, remote 17.42.251.62:25, session id aedae7c6c12c8770d365f2140e8e2d647181bdc1f9de09b45bf4f6c8eec3cbbf
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: << SSL: server hello, remote 17.42.251.62:25, cipher suite 1302
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: << SSL: server hello, remote 17.42.251.62:25, version TLS 1.2 (0303)
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: << SSL: server hello, remote 17.42.251.62:25, version TLS 1.2 (0303)
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: << SSL: server hello, remote 17.42.251.62:25, version TLS 1.3 (0304)
2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: >> EHLO mailerdnsname

indreias · November 29, 2023, 7:25am

Hello Willem,

Please provide the entire SMTP-OUT:00000008 session and not only part of it because every line it is important.

As you see, the last line you have shared from that session is:

2023-11-28 15:45:26 +0100 16 behemoth SMTP-OUT:00000008: >> EHLO mailerdnsname

so your Axigen server definitely send the EHLO to the remote server.

Now, if the remote server “does not like” the EHLO string your Axigen is presenting with, especially if it is a non FQDN one, than this is another possible situation and it could be corrected, if needed, based on recommendation made at point 2 from this KB.

HTH,
Ioan

wmeter · November 29, 2023, 8:52am

Hi @florin.burada

I changed the dns name more for privacy reasons. Here’s another (now complete) trace. As a new user I cannot add URL’s (or more than 2) so I took the liberty to replace the mail and my fqdn for the mta with a text string…

I have another server on the previous version of Axigen, here mails to Apple still go through w/o trouble.

///

2023-11-29 09:48:22 +0100 08 behemoth SMTP-OUT:0000000C: Relay mail 055BCE: connecting to 17.57.152.5:25
2023-11-29 09:48:22 +0100 08 behemoth SMTP-OUT:0000000C: Relay mail 055BCE: connected to 17.57.152.5:25
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 220 iCloud iscream SMTP proxy - p00-iscream-smtp-5f7d4fdcc9-hr5md 3.5.0 (2403B23-529c1e05a5df)
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: >> EHLO validmtafqdn
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250-p00-iscream-smtp-5f7d4fdcc9-hr5md
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250-PIPELINING
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250-SIZE 28311552
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250-ETRN
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250-STARTTLS
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250-AUTH LOGIN PLAIN ATOKEN
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250-ENHANCEDSTATUSCODES
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250-8BITMIME
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250-DSN
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 250 CHUNKING
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: >> STARTTLS
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: << 220 2.0.0 Ready to start TLS
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: >> SSL: client hello, remote 17.57.152.5:25, session id e54afd1b64007c0a1c5afc85f1ea7af0204244bcaffd8547be54599b9a2649e3
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: >> SSL: client hello, remote 17.57.152.5:25, 31 cipher suites: 130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff
2023-11-29 09:48:22 +0100 16 behemoth SMTP-OUT:0000000C: >> SSL: client hello, remote 17.57.152.5:25, supported version TLS 1.3 (0304) TLS 1.2 (0303) TLS 1.1 (0302)
2023-11-29 09:48:23 +0100 02 behemoth SMTP-OUT:0000000C: SSL error remote 17.57.152.5:25, SSL_connect:failed in SSLv3/TLS write client hello
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << SSL: server hello, remote 17.57.152.5:25, version TLS 1.3 (0304)
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << SSL: server hello, remote 17.57.152.5:25, session id e54afd1b64007c0a1c5afc85f1ea7af0204244bcaffd8547be54599b9a2649e3
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << SSL: server hello, remote 17.57.152.5:25, cipher suite 1302
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << SSL: server hello, remote 17.57.152.5:25, version TLS 1.2 (0303)
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << SSL: server hello, remote 17.57.152.5:25, version TLS 1.2 (0303)
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << SSL: server hello, remote 17.57.152.5:25, version TLS 1.3 (0304)
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: >> EHLO mtafqdn
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250-p00-iscream-smtp-5f7d4fdcc9-hr5md
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250-PIPELINING
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250-SIZE 28311552
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250-ETRN
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250-AUTH LOGIN PLAIN ATOKEN
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250-ENHANCEDSTATUSCODES
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250-8BITMIME
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250-DSN
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250 CHUNKING
2023-11-29 09:48:23 +0100 08 behemoth SMTP-OUT:0000000C: Start sending mail 055BCE
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: >> MAIL FROM: SIZE=2574
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: >> RCPT TO:
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: >> NOOP
2023-11-29 09:48:23 +0100 08 behemoth SMTP-OUT:0000000C: Release mail 055BCE
2023-11-29 09:48:23 +0100 16 behemoth SMTP-OUT:0000000C: << 250 2.1.0 Ok
2023-11-29 09:48:23 +0100 08 behemoth SMTP-OUT:0000000C: Release mail 055BCE
2023-11-29 09:48:25 +0100 16 behemoth SMTP-OUT:0000000C: << 503 5.5.1 Error: send HELO/EHLO first
2023-11-29 09:48:25 +0100 08 behemoth SMTP-OUT:0000000C: RCPT validtomailattarget rejected with message: 5.5.1 Error: send HELO/EHLO first
2023-11-29 09:48:25 +0100 08 behemoth SMTP-OUT:0000000C: No RCPT accepted for mail 055BCE; aborting transaction
2023-11-29 09:48:25 +0100 08 behemoth SMTP-OUT:0000000C: Set recipient state to RELAY ERROR
2023-11-29 09:48:25 +0100 08 behemoth SMTP-OUT:0000000C: Delivery attempt completed for mail 055BCE; schedule for cleanup
2023-11-29 09:48:25 +0100 08 behemoth SMTP-OUT:0000000C: Set mail state to SENT
2023-11-29 09:48:25 +0100 08 behemoth SMTP-OUT:0000000C: Disconnected from 17.57.152.5

indreias · November 29, 2023, 10:23am

Hello @wmeter,

From what I see all looks fine in the shared log but, for some reasons, the remote server is rejecting the SMTP-OUT session after receiving the RCPT TO address (so after STARTTLS is negotiated, EHLO string sent and MAIL FROM accepted).

If you have double-checked the recipient address to be a valid one and you could send messages to it from the other Axigen server you are operating I see no other options but to move this investigation to the support channel so you could safely share the logs and execute any additional tests from the server you have this issue.

BR,
Ioan

wmeter · November 29, 2023, 4:15pm

Hi @indreias

I checked again, used another mail on iCloud but all the same.

I’m a community user, with 5 free accounts. I assume I’m not entitled to support.

Again, so far all fine for all other e-mail providers.

Kind regards,

Willem