It does work up to that point, yes.
Code:
220 domain.com ESMTP MailEnable Service, Version: 10.31--10.31 ready at 10/15/21 23:16:36
ehlo
250-domain.com [::1], this server offers 7 extensions
250-AUTH NTLM CRAM-MD5 LOGIN
250-SIZE 0
250-HELP
250-AUTH=LOGIN
250-STARTTLS
250-XSAVETOSENT
250 X-SAVETOSENT
starttls
220 Ready to start TLS
454 TLS not available due to temporary reason
After that, it lost the connection to the host and I was back at the DOS prompt. But when I tried again with
Code:
openssl s_client -connect mail.domain.com:25 -starttls smtp
from a non-local Linux machine, it takes a very long time and eventually it comes back with this error:
Code:
140240614282560:error:0200206E:system library:connect:Connection timed out:../crypto/bio/b_sock2.c:110:
140240614282560:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=110
After searching for the above error:0200206E I found a page that claimed it was not working from their provider side. So I just tried it from my office computer and ran the same Linux openssl command and received the following success message:
Code:
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = domain.com
verify return:1
---
Certificate chain
0 s:CN = domain.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF...
...ZhC8QiNrAJHiLbmGGOURiiV0yqNcZUf8j
-----END CERTIFICATE-----
subject=CN = domain.com
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3736 bytes and written 488 bytes
Verification: OK
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 3072 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: 5604000001A692984BB...198148A6198DBF4F9B77
Session-ID-ctx:
Master-Key: 3977ACFE09FA588E....7CA9313689EAA5859CEC7DA
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1634311560
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
250 X-SAVETOSENT
read:errno=0
So it seems it is working; it is just that my home network is somehow blocking this. Strangely enough.
Thanks for your help.
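The three outcomes in the post above (a connect timeout, a 454 after STARTTLS, and a verified handshake) stop at different layers. This added example, which is not part of the original post, is one way to report that layer. The stage names, the `grace` wait and the `probe.example` EHLO name are assumptions made for illustration.

```python
import select, socket, ssl

def _reply(sock, buf):
    """Read one SMTP reply (multi-line aware); unread bytes stay in buf."""
    lines = []
    while True:
        while b"\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the connection")
            buf += chunk
        raw, _, rest = bytes(buf).partition(b"\n")
        buf[:] = rest
        lines.append(raw.decode("ascii", "replace").rstrip("\r"))
        if lines[-1][3:4] != "-":        # "250-..." continues, "250 ..." ends
            return int(lines[-1][:3]), lines

def probe_starttls(host, port=25, timeout=10.0, grace=0.5):
    """Return (stage, detail): the layer at which the STARTTLS attempt stopped."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:               # timed out or refused: network path
        return "tcp", str(exc)
    buf = bytearray()
    try:
        code, lines = _reply(sock, buf)
        if code != 220:
            return "banner", lines[-1]
        sock.sendall(b"EHLO probe.example\r\n")      # placeholder client name
        code, lines = _reply(sock, buf)
        if code != 250 or not any(l[4:].upper().startswith("STARTTLS") for l in lines):
            return "ehlo", "STARTTLS not advertised"
        sock.sendall(b"STARTTLS\r\n")
        code, lines = _reply(sock, buf)
        if code != 220:
            return "starttls", lines[-1]
        # The server in the post sent 220 and then 454: check for trailing plaintext.
        if not buf and select.select([sock], [], [], grace)[0]:
            buf += sock.recv(4096)
        if buf:
            return "starttls", buf.decode("ascii", "replace").strip()
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except (OSError, ValueError) as exc:  # ssl.SSLError is an OSError subclass
        return ("tls" if isinstance(exc, ssl.SSLError) else "smtp"), str(exc)
    finally:
        sock.close()
```

A `tcp` result from one network and `ok` from another points at the network path, while `starttls` or `tls` points at the server's TLS setup.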