Community Discussions and Support
Delivery FailuAuto-failing primary server marked as bad ??

To clarify, that comment was referring to the case presented by the original poster and may or may not apply to the second case.

 


I am using Mercury 4.8 with SSL enabled on MercuryE.  I had a message fail delivery, and this is the error message: 

-------------------------------------------------------------------
*** service@relaxedheatingandair.com
Auto-failing primary server '50.20.30.21' - marked as bad.
Auto-failing alternate server '50.20.30.21' - marked as bad.
-------------------------------------------------------------------

I looked in the MercuryE log, and it attempted multiple times to deliver this message, and each time it had this same error. What does this mean? It looks like MercuryE is failing without trying because it thinks the IP address is bad for some reason? Does this have anything to do with the SSL option being enabled?

UPDATE: I turned on session logging, and re-sent the email. This is what is shown in the session log:

08:31:26.674: --- 18 Feb 2016, 8:31:26.674 ---
08:31:26.799: Connect to '50.20.30.21', timeout 60 seconds.
08:31:27.799: >> 220 mx1.cbeyond.com ESMTP<cr><lf>
08:31:27.799: << EHLO mail.handyaddressbook.com<cr><lf>
08:31:28.361: >> 250-mx1.cbeyond.com<cr><lf>
08:31:28.361: >> 250-8BITMIME<cr><lf>
08:31:28.361: >> 250-SIZE 70254592<cr><lf>
08:31:28.361: >> 250 STARTTLS<cr><lf>
08:31:28.361: << STARTTLS<cr><lf>
08:31:28.440: >> 220 Go ahead with TLS<cr><lf>
08:31:28.533: [!] OpenSSL reported errors during handshake - error queue follows:
08:31:28.565: [!] -------------------------------------------------------------------------
08:31:28.580: [!] error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error
08:31:28.580: [!] -------------------------------------------------------------------------

So, it seems there is a problem MercuryE is having connecting to this server over a secure connection. I am able to send email to this email address through my gmail account without issue. Any ideas/suggestions?

Thanks,

Mark

I am getting the same error when sending out using StartTLS on MercuryE. If I turn off the encryption, it works fine.

 

MercuryS StartTLS works fine without issues when receiving email from Gmail servers.

 

 11:20:05.650: --- 12 May 2016, 11:20:05.650 ---
11:20:05.650: Connect to '173.194.68.26', timeout 60 seconds.
11:20:06.650: >> 220 mx.google.com ESMTP 73si8857977qgt.100 - gsmtp<cr><lf>
11:20:06.650: << EHLO mail.k**y.org<cr><lf>
11:20:06.682: >> 250-mx.google.com at your service, [216.xxx.xxx.xx]<cr><lf>
11:20:06.682: >> 250-SIZE 157286400<cr><lf>
11:20:06.682: >> 250-8BITMIME<cr><lf>
11:20:06.682: >> 250-STARTTLS<cr><lf>
11:20:06.682: >> 250-ENHANCEDSTATUSCODES<cr><lf>
11:20:06.682: >> 250-PIPELINING<cr><lf>
11:20:06.682: >> 250-CHUNKING<cr><lf>
11:20:06.682: >> 250 SMTPUTF8<cr><lf>
11:20:06.682: << STARTTLS<cr><lf>
11:20:06.713: >> 220 2.0.0 Ready to start TLS<cr><lf>
11:20:16.729: [!] OpenSSL reported errors during handshake - error queue follows:
11:20:16.729: [!] -------------------------------------------------------------------------
11:20:16.729: [!] -------------------------------------------------------------------------

 

This is all it says when I turn on session logging.

 

Any idea on any fixes? I said use TLS whenever possible. You'd think that if it would fail the first time, it would try an unencrypted connection next time through, but it just keeps trying TLS connection to the point of where it fails after the time period I have allotted.


David investigated this and it was discovered that there are some older SSL implementations out there that still expect to find ciphers that have been deprecated or even removed from the SSL specification. When Mercury, using fairly up-to-date SSL libraries, attempts to connect, they simply can't find any encryption to agree on. At the moment the best way to solve it is probably to add such sites to the exception list in MercuryE configuration / SSL and access control ("Never use SSL for this site...").
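As an added example (not part of any post in this thread and not Mercury's own code), the Python sketch below triages the two MercuryE session logs quoted above: it measures the delay between the server's STARTTLS go-ahead and the handshake error, and unpacks any OpenSSL error code into library, function, reason and TLS alert number. It assumes the OpenSSL 1.0.x packed error layout (8-bit library, 12-bit function, 12-bit reason); the names `triage` and `decode_openssl_error` are the example's own.

```python
import re
from datetime import datetime

TLS_ALERTS = {40: "handshake_failure", 50: "decode_error", 70: "protocol_version"}
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}): (.*)$")
ERR = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(code_hex):
    """Unpack an OpenSSL 1.0.x packed error (assumed layout: 8-bit lib, 12-bit func, 12-bit reason)."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # Library 20 is the SSL library; its reasons 1000+N mean "peer sent TLS alert N".
    alert = reason - 1000 if lib == 20 and reason >= 1000 else None
    return {"lib": lib, "func": func, "reason": reason,
            "alert": alert, "alert_name": TLS_ALERTS.get(alert)}

def triage(session_log):
    """Report whether STARTTLS was accepted, the delay before the handshake error, and decoded errors."""
    sent_starttls, go_ahead, failed_at, errors = False, None, None, []
    for raw in session_log.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, text = datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2)
        if text.startswith("<< STARTTLS"):          # "<<" = sent by MercuryE
            sent_starttls = True
        elif sent_starttls and go_ahead is None and text.startswith(">> 220"):
            go_ahead = ts                            # server agreed to start TLS
        elif "OpenSSL reported errors during handshake" in text:
            failed_at = ts
        errors += [decode_openssl_error(c) for c in ERR.findall(text)]
    delay = (failed_at - go_ahead).total_seconds() if go_ahead and failed_at else None
    return {"starttls_accepted": go_ahead is not None, "delay_s": delay, "errors": errors}

# Excerpts of the two session logs quoted in the posts above.
LOG_FIRST = """
08:31:28.361: << STARTTLS<cr><lf>
08:31:28.440: >> 220 Go ahead with TLS<cr><lf>
08:31:28.533: [!] OpenSSL reported errors during handshake - error queue follows:
08:31:28.580: [!] error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error
"""
LOG_SECOND = """
11:20:06.682: << STARTTLS<cr><lf>
11:20:06.713: >> 220 2.0.0 Ready to start TLS<cr><lf>
11:20:16.729: [!] OpenSSL reported errors during handshake - error queue follows:
11:20:16.729: [!] -------------------------------------------------------------------------
"""

if __name__ == "__main__":
    for name, log in (("first", LOG_FIRST), ("second", LOG_SECOND)):
        print(name, triage(log))
```

On the first log this yields TLS alert 50 (decode_error) sent by the server 0.093 s after the go-ahead; on the second it yields an empty error queue after a 10.016 s wait, so the logs alone do not show the two failures sharing a cause.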

 

 


So mx.google.com is using a deprecated cipher? I wonder why. I always thought those guys were pretty knowledgeable about security.
