Autor: Jeremy Harris Data: A: exim-users Assumpte: Re: [exim] remote MX does not support STARTTLS
On 23/09/2020 16:59, Bill Cole via Exim-users wrote: > 1. You don't allow any TLS versions below 1.2. While that may seem to be
> a safety measure, it actually can cause problems because a client that
> does not support v1.2 or v1.3 can only resort to sending in clear text.
>
> 2. Your server is soliciting client certificates and sending a list of
> 126 acceptable CAs. Some clients may interpret the solicitation of
> client certs as a demand for a client cert, and when they cannot match a
> CA on that list, will give up. Unless you are using client certs for
> authentication (generally not useful on port 25) there's no reason to
> solicit them.
No, neither of those - the GMX end is not even soliciting STARTTLS.
It doesn't get as far as trying a TLS handshake.
My only guess is to try disabling CHUNKING or PRDR advertisement, to see
if one of those is confusing them.
--
Cheers,
Jeremy