On Wed, Sep 02, 2015 at 09:47:48AM +0100, Gary Stainburn wrote:
> I turned off the SMTP filtering within the firewall yesterday morning and has
> stopped the problems that I was expereincing with TLS connections, so that is
> a success.
Yes, much better now. Opportunistic TLS works just fine with no delays:
$ posttls-finger -cLsummary -lmay ringways.co.uk
posttls-finger: Untrusted TLS connection established to mail.ringways.co.uk[88.211.105.31]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
If the firewall "firmware" is up to date, you might consider
reporting a bug to the vendor, pointing them at this thread. Their
TLS handling is clearly broken. If not up to date, you could at
some point retest after upgrading.
> Thanks Viktor and Eugene.
>
> I wasn't expecting such a huge increase in incoming email though. The
> firewall was definitely doing a grand job of filtering, just a pity about the
> side effects.
The volume may subside once all the queued mail that was unable to
get through is drained. Otherwise, or in any case apply suitable
RBLs and content filters, if you're seeing more spam.
--
Viktor.
