Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fahad
New Contributor III

Server TLS issue

Hi,

 

i am unable to recieve an email from specific domain, upon troubleshooitng i found the following error :

STARTTLS=server, error: accept failed=-1, reason=unknown, SSL_error=5, errno=104, retry=-1, relay=somedomain.com [1.1.1.1]

 

is it could be because of TLS profile or do i have increase the cipher level ?

am unable to understand the error message here .

FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.

FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.
4 REPLIES 4
emnoc
Esteemed Contributor III

Do you have a TLS profile  for sending?

 

Are you enable for TLS for  receiving ?

 

But yes if you are some one is trying to  use TLS and the  system are not compatible, the MTA will fallback or even deny mail as determine the policy ( required or  preferred )

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Fahad
New Contributor III

hi am not using TLS profile for sending and didnt enable it for receiving , do i have to for both ?

FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.

FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.
emnoc
Esteemed Contributor III

yes you  need  delivery rule  to use TLS outbound. Typically you write it as  *.somdomain.com and set the TLS   and method.

 

Download the   fortimail cli and administration guide for your version of FML and follow the guidelines. Keep in mind that NOT all  MX support TLS or even have it enable.

 

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Fahad
New Contributor III

i think i found the issue, am using on my fortimail the following cipher : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

 

but when i checked the the ciphers used by the other domain am having an issue with i found that none of the matching the one am using, would this be an issue for connection error am getting .

FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.

FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors