Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » STARTTLS failed on SMTP server
  •  
mrralan

Messages: 151
Karma: 3
Send a private message to this user
I am starting to see the following message in the warning log...

STARTTLS failed on SMTP server mx4.servershost.net: 454 4.3.0 TLS not available due to local problem

The mx can be mx2, mx3 or mx4. Anyone know why this has started?
  •  
Kedar

Messages: 1320
Karma: 48
Send a private message to this user
A problem is "local" on remote server Smile - it was reply from remote server.
  •  
timmathews

Messages: 7
Karma: 0
Send a private message to this user
This occurs when you have "Use SSL if supported by remote SMTP server" checked in your SMTP Server //> SMTP Delivery options.
If the receiving server has an issue with the cert, you will get these messages or "errors".
Simply UNCHECK the "Use SSL if supported by remote SMTP server" box and click apply.
Clear your log and watch.
No more issues!
Smile
I wish support would have let someone know.
I was searching all around for the answer and finally figured it out.
So, next time someone is looking, they will find this thread and know how to stop Kerio Connect from giving STARTTLS failed on SMTP server errors.
kerio tls not available due to a local problem
tls not available due to a local problem kerio connect mail server.
Thanks!
Tim
Tim Mathews
Drive Digital Group, LLC
drivedigitalgroup.com
Automotive Dealership Websites
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
timmathews wrote on Thu, 03 January 2013 19:55
T
I wish support would have let someone know.
I was searching all around for the answer and finally figured it out.
So, next time someone is looking, they will find this thread and know how to stop Kerio Connect from giving STARTTLS failed on SMTP server errors.
kerio tls not available due to a local problem
tls not available due to a local problem kerio connect mail server.


This problem has no relation to Kerio Connect - it is on recipient's SMTP server.
By disabling STARTTLS support in Kerio Connect all of your emails will be delivered over Internet in plain and unsecured format.
  •  
timmathews

Messages: 7
Karma: 0
Send a private message to this user
This prevents users from getting their logs slammed with the messages and making them believe there is something wrong in THEIR Kerio Connect.
Never did I say it was a problem with Kerio.
I merely provided the solution no one else would.
  •  
clan

Messages: 232
Karma: 21
Send a private message to this user
Disabling security to keep the log clean is no solution. Did you contact the other servers postmaster to alert them to the problem? If they don't provide a SSL certificate their server should not announce ability to use STARTTLS
  •  
timmathews

Messages: 7
Karma: 0
Send a private message to this user
Disabling it to keep the log clean is not the reason.
I personally disabled it to DELIVER the email that is not being delivered because of this issue.
Perhaps KERIO could attempt to deliver via SSL and if not successful, deliver without to ensure all mail gets DELIVERED.
  •  
timmathews

Messages: 7
Karma: 0
Send a private message to this user
clan wrote on Mon, 07 January 2013 11:11
Did you contact the other servers postmaster to alert them to the problem? If they don't provide a SSL certificate their server should not announce ability to use STARTTLS


Do you have time to contact 50 companies every day to let them know there is a problem with their mail server because they can't receive mail you sent via SSL?
I don't either.
Tim
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
timmathews wrote on Mon, 07 January 2013 15:33
Disabling it to keep the log clean is not the reason.
I personally disabled it to DELIVER the email that is not being delivered because of this issue.
Perhaps KERIO could attempt to deliver via SSL and if not successful, deliver without to ensure all mail gets DELIVERED.


This message is only a warning. The email is still delivered anyway via un-secured transmission if the server rejects STARTTLS command.
So, disabling this option has only an effect that all your emails will be delivered over unsecured channel.

[Updated on: Mon, 07 January 2013 15:57]

  •  
clan

Messages: 232
Karma: 21
Send a private message to this user
timmathews wrote on Mon, 07 January 2013 15:35

Do you have time to contact 50 companies every day to let them know there is a problem with their mail server because they can't receive mail you sent via SSL?
I don't either.

Every day? No, but if something in the logs indicate that the remote side has a configuration problem I invest the 5 minutes it takes to prepare the relevant part of the log, write a sentence or two and send it to postmaster<_at_>other.domain once. Since Kerio falls back to delivering unsecured I would leave it after that. I also wonder how you have 50 companies producing that message every day, I just grepped the mail, error and warning logs of the last couple of months and didn't find a single instance of that message.
  •  
timmathews

Messages: 7
Karma: 0
Send a private message to this user
Good point about investing a minute or two. I would do the same, but as I said, it takes time to email more than a few.
Maybe not 50 every day, but at least 10 daily.
If you sent a high volume of mail, you would see it as well.
We deliver over 50k messages a day. That's not a ton, but enough to get upwards of 50 errors, at this time, there are 10.
Previous Topic: reminder/Notification on a shared calendar?
Next Topic: From address re-write
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Aug 22 07:12:30 CEST 2017

Total time taken to generate the page: 0.00521 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.