SSL Handshake failed

Discussion forum for Enterprise Edition.
Post Reply
Matth
Posts: 133
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

SSL Handshake failed

Post by Matth »

I am having a lot of these messages in the debug log file of the SMTP service.

Code: Select all

09/01/21 10:41:01	[1520] SSL recv failed: 10060.
09/01/21 10:41:01	[1520] SSL_Handshake negotiation failed
09/01/21 10:41:01	ME-E0xxx: [1520] SSL Handshake failed. Closing connection.
These logs show up almost every 30 seconds, so it's not some random thing.

How can I figure out from where these come to either check that specific client, or if it's a third party, to check if something is wrong with my server (or theirs)?
Last edited by Matth on Wed Sep 01, 2021 3:32 am, edited 1 time in total.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SSL Handshake faile

Post by MailEnable-Ian »

Hi,

Use the socket number [1520] and search within the associated SMTP activity log file for the same socket number and time so that you can see the connecting IP address to give you a clue.
Regards,

Ian Margarone
MailEnable Support

Matth
Posts: 133
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: SSL Handshake faile

Post by Matth »

I assume that would be the 4-digit number in the third column (i.e. 1116, 1256)?

Code: Select all

09/01/21 11:24:38	SMTP-IN	9E83EF39B8404A999C53CF148E2CCE2E.MAI	1116	121.xxx.3.xxx			220 ...
09/01/21 11:24:39	SMTP-IN	9E83EF39B8404A999C53CF148E2CCE2E.MAI	1116	121.xxx.3.xxx	EHLO	EHLO ...
09/01/21 11:24:39	SMTP-IN	9E83EF39B8404A999C53CF148E2CCE2E.MAI	1116	121.xxx.3.xxx	MAIL	MAIL ...
09/01/21 11:25:17	SMTP-IN	D41853DE7159447E89098F4A50642491.MAI	1256	121.xxx.3.xxx			220 ...
09/01/21 11:25:17	SMTP-IN	D41853DE7159447E89098F4A50642491.MAI	1256	121.xxx.3.xxx	EHLO	EHLO ...
09/01/21 11:25:17	SMTP-IN	D41853DE7159447E89098F4A50642491.MAI	1256	121.xxx.3.xxx	MAIL	MAIL ...
Trouble is, the socket numbers with the error in the debug log, don't show in the activity log.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SSL Handshake failed

Post by MailEnable-Ian »

Hi,

Ok go to the same time in the activity log file. i.e.: 09/01/21 10:41:01
Regards,

Ian Margarone
MailEnable Support

Matth
Posts: 133
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: SSL Handshake failed

Post by Matth »

I did that, the snippets was just an example.

Debug Log

Code: Select all

09/01/21 12:00:36	[1768] SSL recv failed: 10060.
09/01/21 12:00:36	[1768] SSL_Handshake negotiation failed
09/01/21 12:00:36	ME-E0xxx: [1768] SSL Handshake failed. Closing connection.
Activity Log

Code: Select all

09/01/21 11:56:31	SMTP-IN	7B8B5E10C6174B6BAE34441862B5C28A.MAI	1776	209.xxx.167.xxx	QUIT	QUIT	221 Service closing TLS SSL transmission session	50	6		
09/01/21 12:00:52	SMTP-IN	39A3A2AD3C4846E58F7848F196AEC013.MAI	1784	213.xxx.113.xxx			220 ...
09/01/21 12:00:52	SMTP-IN	39A3A2AD3C4846E58F7848F196AEC013.MAI	1784	213.xxx.113.xxx	EHLO	EHLO ...
09/01/21 12:00:52	SMTP-IN	39A3A2AD3C4846E58F7848F196AEC013.MAI	1784	213.xxx.113.xxx	AUTH	AUTH LOGIN	334 ...
09/01/21 12:00:52	SMTP-IN	39A3A2AD3C4846E58F7848F196AEC013.MAI	1784	213.xxx.113.xxx	AUTH	{blank}	334 ...
09/01/21 12:00:52	SMTP-IN	39A3A2AD3C4846E58F7848F196AEC013.MAI	1784	213.xxx.113.xxx	AUTH	{blank}	235 ...
09/01/21 12:00:52	SMTP-IN	39A3A2AD3C4846E58F7848F196AEC013.MAI	1784	213.xxx.113.xxx	QUIT	QUIT	221 Service closing ...
09/01/21 12:03:26	SMTP-IN	FC63171C33C7472BA1C040AECC5063D1.MAI	1816	216.xxx.35.xxx			220 ...
09/01/21 12:03:26	SMTP-IN	FC63171C33C7472BA1C040AECC5063D1.MAI	1816	216.xxx.35.xxx	EHLO	EHLO ...
I added each a line before and after the time to show that there's no socket number [1768] in the activity log. I searched through the whole log, there is no 1768 in the whole activity log.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SSL Handshake failed

Post by MailEnable-Ian »

Hi,

Ok well the 10060 is indicating a timeout. If you restart the SMTP service and inspect the SMTP debug log file are there any errors after the service restarts in regards to service not being able to bind to the SSL certificate you have set within MailEnable?
Regards,

Ian Margarone
MailEnable Support

Matth
Posts: 133
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: SSL Handshake failed

Post by Matth »

There are no other errors that would indicate a problem with SSL. After all, it looks like other mail is processed normally.

I did find by coincidence the troubling client. It was Parsedmarc that tried to connect without SSL due to a bug. But it would certainly be helpful to have more information in the debug log to investigate.

Post Reply