bachri_faisal
New Contributor

HELP!! STARTTLS/SMTPS error: connect failed=-1

Hi,

After successfully upgrading the firmware from v4 MR3 Patch 1 to Patch 5, FortiMail cannot relay email to the protected domain (internal email server). There is an error message in the email logs, as follows.

When SMTPS is enabled, the error message is as follows:

from=test@example.com, size=0, class=0, nrcpts=1, proto=SMTP, daemon=SMTP_MTA, relay=[xxx.xxx.xxx.xxx]
from=test@example.com, size=88, class=0, nrcpts=1, msgid=<201305240412.r4O4CROY005339-r4O4CROb005339@xxxx-xxxx>, proto=SMTP, daemon=SMTP_MTA, relay=[xxx.xxx.xxx.xxx]
SMTPS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
to=xxx@xxx.xxx, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31574, relay=xxxx.xx.xx. [xxx.xxx.xxx.xxx], dsn=2.0.0,stat=Sent

When SMTPS is disabled, the error message is as follows:

from=test@example.com, size=0, class=0, nrcpts=1, proto=SMTP, daemon=SMTP_MTA, relay=[xxx.xxx.xxx.xxx]
from=test@example.com, size=88, class=0, nrcpts=1, msgid=<201305240420.r4O4K4db005565-r4O4K4de005565@xxx-xxx>, proto=SMTP, daemon=SMTP_MTA, relay=[xxx.xxx.xxx.xxx]
STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
to=xxx@xxxx.xxx, delay=00:00:06, xdelay=00:00:05, mailer=esmtp, pri=31574, relay=xxxx.xx.xx. [xxx.xxx.xxx.xxx], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.

How to solve this problem? Thanks for any help.

Cheers,
Faisal
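A way to triage log lines like the ones in the post above, as an added example that is not part of the original post or of any Fortinet tooling: it pairs each TLS client error with the delivery line that follows it and reports the outcome. The function name `triage`, the sample text and the adjacent-line pairing are assumptions made for this example.

```python
import re

# Constructed sample: the TLS error and delivery lines from the post, one entry per line.
SAMPLE_LOG = """\
SMTPS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
to=xxx@xxx.xxx, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31574, relay=xxxx.xx.xx. [xxx.xxx.xxx.xxx], dsn=2.0.0,stat=Sent
STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
to=xxx@xxxx.xxx, delay=00:00:06, xdelay=00:00:05, mailer=esmtp, pri=31574, relay=xxxx.xx.xx. [xxx.xxx.xxx.xxx], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.
"""

# Assumption: the delivery ("to=") line that follows a TLS client error belongs to the
# same attempt; the posted lines carry no queue ID to correlate on.
TLS_ERROR = re.compile(r"^(STARTTLS|SMTPS)=client, error: connect failed=-?\d+, SSL_error=(\d+)")
DELIVERY = re.compile(r"^to=([^,]+),.*?dsn=(\d\.\d+\.\d+),\s*stat=(.*)$")
DSN_CLASS = {"2": "sent", "4": "deferred", "5": "failed"}  # RFC 3463 status classes


def triage(log_text):
    """Pair each TLS client error with the outcome of the delivery line after it."""
    findings, pending = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        tls = TLS_ERROR.match(line)
        if tls:
            pending = {"mode": tls.group(1), "ssl_error": int(tls.group(2))}
            continue
        delivery = DELIVERY.match(line)
        if delivery:
            if pending:
                rcpt, dsn, stat = delivery.groups()
                findings.append({**pending, "rcpt": rcpt, "dsn": dsn, "stat": stat.strip(),
                                 "outcome": DSN_CLASS.get(dsn[0], "unknown")})
            pending = None  # a delivery line closes the attempt either way
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['mode']:8} SSL_error={f['ssl_error']} dsn={f['dsn']} "
              f"outcome={f['outcome']} stat={f['stat']}")
```

An entry with outcome `sent` means the log shows a successful delivery right after a TLS client error, which is worth checking against the TLS policy expected for that domain.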
emnoc
Esteemed Contributor III

stat=Deferred: 403 4.7.0 TLS handshake.
What are your delivery policies and your security profile action? Profile > Security, and the action upon failure?

PCNSE NSE StrongSwan
bachri_faisal
New Contributor

There are only the TLS and Encryption menu tabs inside Profile > Security. No delivery option and no security profile option.
bachri_faisal
New Contributor

I use FortiMail 100 with HA.
emnoc
Esteemed Contributor III

You have to add some access controls, or how are you trying to deploy SSL? See here;
bachri_faisal
New Contributor

Oh... you mean policy access control & delivery. No delivery policy has been applied since installation.
bachri_faisal
New Contributor

I did a clean install and restored the config to the slave unit, but still no luck.
bachri_faisal
New Contributor

Finally, reverting to the previous firmware version and restoring the configuration solved the problem. When I try to re-upgrade, the error message below appears on the console: "Configuration file build number check failed. 4.00.495:4.00.534"
emnoc
Esteemed Contributor III

Did you open a ticket with support? I had problems on my last upgrades for a few 100C and it was not a clean upgrade. Can't remember what my problems were, but it was mainly with mail being rejected. Maybe support might have a fix or a bug open on this.
bachri_faisal
New Contributor

Yes, I opened a ticket for this issue. But the response takes a day or two for each ticket update from me... Also, I tried to apply the patches one by one, with no problem from patch 1 to 4, except patch 5.