[exim] TLS error on connection to smtp.office365.com (gnutl…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM 
MBoylan, Ross at ->
Delete this message
Reply to this message
Author: Boylan, Ross
Date:  
To: exim-users@exim.org
Subject: [exim] TLS error on connection to smtp.office365.com (gnutls_handshake): An unexpected TLS packet was received.
My campus recently switched to office365.com on port 587 from an internal Exchange server. Unfortunately, I haven't been able to connect. Typical error message is
TLS error on connection to outlook-namwest2.office365.com [40.97.133.114] (gnutls_handshake): An unexpected TLS packet was received.

Searching on the internet has some advice on setting up connections to office365, but I think I have everything set.

Could it be a problem that my passwd.client file has (some info obscured)
smtp.office365.com:xxx@???:xxxx
but that the ultimate host name is different, as seen above? The router uses the smtp.office365.com name.

Other ideas, including ways to isolate the problem?

I also tried with smtptest and got a similar, early, failure. It seems to be before any real authentication, since it never asked for a password. I'm putting this first because it may have more detail about the problem than the exim logs further down.
--------------------------------------------------------------------------
$ smtptest -u xxx@??? -s -p 587 smtp.office365.com -v
starting TLS engine
setting up TLS connection
SSL_connect:before/connect initialization
write to 7FA54998CB40 [7FA54998D0C0] (517 bytes => 517 (0x205))
0000 16 03 01 02 00 01 00 01|fc 03 03 d2 00 f3 fa 76
0010 73 99 a9 80 25 a8 a9 f3|e8 7a 59 da b2 72 12 86
0020 dd 14 4a 98 f9 4e b8 e9|27 6b ac 00 00 82 c0 30
0030 c0 2c c0 28 c0 24 c0 14|c0 0a 00 a3 00 9f 00 6b
0040 00 6a 00 39 00 38 00 88|00 87 c0 32 c0 2e c0 2a
0050 c0 26 c0 0f c0 05 00 9d|00 3d 00 35 00 84 c0 2f
0060 c0 2b c0 27 c0 23 c0 13|c0 09 00 a2 00 9e 00 67
0070 00 40 00 33 00 32 00 9a|00 99 00 45 00 44 c0 31
0080 c0 2d c0 29 c0 25 c0 0e|c0 04 00 9c 00 3c 00 2f
0090 00 96 00 41 c0 11 c0 07|c0 0c c0 02 00 05 00 04
00a0 c0 12 c0 08 00 16 00 13|c0 0d c0 03 00 0a 00 ff
00b0 01 00 01 51 00 0b 00 04|03 00 01 02 00 0a 00 34
00c0 00 32 00 0e 00 0d 00 19|00 0b 00 0c 00 18 00 09
00d0 00 0a 00 16 00 17 00 08|00 06 00 07 00 14 00 15
00e0 00 04 00 05 00 12 00 13|00 01 00 02 00 03 00 0f
00f0 00 10 00 11 00 23 00 00|00 0d 00 20 00 1e 06 01
0100 06 02 06 03 05 01 05 02|05 03 04 01 04 02 04 03
0110 03 01 03 02 03 03 02 01|02 02 02 03 00 0f 00 01
0120 01 00 15 00 e0
0205 - <SPACES/NULS>

SSL_connect:SSLv2/v3 write client hello A
read from 7FA54998CB40 [7FA549992620] (7 bytes => 7 (0x7))
0000 32 32 30 20 4d 57 48
SSL_connect:error in SSLv2/v3 read server hello A -1
SSL_connect error -1
SSL session removed
failure: TLS negotiation failed!
---------------------------------------------------

This is from a debugging session with exim
---------------------------------------------------------------------------
outlook-namwest.office365.com [40.97.124.34]:587 status = usable
40.97.124.34 in serialize_hosts? no (option unset)
delivering 1d3vC1-0007Xf-NB to outlook-namwest.office365.com [40.97.124.34] (xxx@???)
set_process_info: 28999 delivering 1d3vC1-0007Xf-NB to outlook-namwest.office365.com [40.97.124.34] (xxxx@???)
Transport port=465 replaced by host-specific port=587
Connecting to outlook-namwest.office365.com [40.97.124.34]:587 ... connected
40.97.124.34 in hosts_avoid_esmtp? no (option unset)
40.97.124.34 in hosts_require_ocsp? no (option unset)
40.97.124.34 in hosts_request_ocsp? yes (matched "*")
initialising GnuTLS as a client on fd 7
GnuTLS global init required.
initialising GnuTLS client session
Expanding various TLS configuration options for session credentials.
TLS: no client certificate specified; okay
TLS: tls_verify_certificates not set or empty, ignoring
GnuTLS using default session cipher/priority "NORMAL"
Setting D-H prime minimum acceptable bits to 1024
in tls_verify_hosts? no (option unset)
in tls_try_verify_hosts? no (option unset)
TLS: server certificate verification not required.
TLS: will request OCSP stapling
about to gnutls_handshake
LOG: MAIN
TLS error on connection to outlook-namwest.office365.com [40.97.124.34] (gnutls_handshake): An unexpected TLS packet was received.
ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL
set_process_info: 28999 delivering 1d3vC1-0007Xf-NB: just tried outlook-namwest.office365.com [40.97.124.34] for xxx@???: result DEFER
added retry item for T:outlook-namwest.office365.com:40.97.124.34:587: errno=-37 more_errno=0,A flags=2

I have disable_ipv6 = true; without it exim tried only IPv6 addresses, which weren't routable by the OS.
exim 4.84_2 running on Debian Jessie.

Thanks for any help.
Ross Boylan




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Auto Responder / Vacation issueRe: [exim] TLS error on connection to smtp.office365.com (gnutls_handshake): An unexpected TLS packet was received.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)