You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: MaLu_Swe
MaLu_Swe Author
User level: Level 1
8 points

SSL_accept error & lost connection after STARTTLS

Last year I configured a Lion Server with mail and everything has worked flawlessly.

A month ago I installed a Thawte certificate on the mail server so iPhone and MacBook users could access mail outside of the network.


Everything seems to be working perfect for all services, except for SMTP. When some, too many but far from all, mail servers try to deliver mail to the domain, they fail. I've configured mail services to USE (not require) the Thawte certificate on SMTP.

Kerberos and CRAM-MD5 are also configured for SMTP.


Among these mail servers who is failing are Microsoft Office 365 servers, they can't deliver mail.

In the SMTP log it says "postfix/smtpd SSL_accept error from".


The log reads:

Nov 22 11:07:26 macsrv postfix/postfix-script[79366]: refreshing the Postfix mail system

Nov 22 11:07:26 macsrv postfix/master[79340]: reload -- version 2.8.4, configuration /etc/postfix

Nov 22 11:08:32 macsrv postfix/postscreen[79394]: CONNECT from [216.32.180.13]:26867

Nov 22 11:08:38 macsrv postfix/postscreen[79394]: PASS NEW [216.32.180.13]:26867

Nov 22 11:08:38 macsrv postfix/smtpd[79396]: connect from va3ehsobe003.messaging.microsoft.com[216.32.180.13]

Nov 22 11:08:38 macsrv postfix/smtpd[79396]: SSL_accept error from va3ehsobe003.messaging.microsoft.com[216.32.180.13]: -1

Nov 22 11:08:38 macsrv postfix/smtpd[79396]: lost connection after STARTTLS from va3ehsobe003.messaging.microsoft.com[216.32.180.13]

Nov 22 11:08:38 macsrv postfix/smtpd[79396]: disconnect from va3ehsobe003.messaging.microsoft.com[216.32.180.13]



The SMTP port and mail submission is open in the firewall.


Are there anyone who has a clue on how to get the SMTP service in OS X Lion to work with a certificate?

Mac mini, OS X Server

Posted on Nov 22, 2012 2:50 AM

Reply
Question marked as Top-ranking reply
User profile for user: MaLu_Swe
MaLu_Swe Author
User level: Level 1
8 points

Posted on Nov 30, 2012 4:22 AM

I've solved it!


After I ran an update for IPS on the Check Point Firewall and then added an exclusion for a triggered IPS definition called SMTP STARTTLS Command, the mail now works fully with the Thawte 123 certificate!


I also updated the IPS last week, but that didn't change anything.

So I guess this is a very recent change in the IPS package from Check Point.

View in context
1 reply
Question marked as Top-ranking reply
User profile for user: MaLu_Swe
MaLu_Swe Author
User level: Level 1
8 points

Nov 30, 2012 4:22 AM in response to MaLu_Swe

I've solved it!


After I ran an update for IPS on the Check Point Firewall and then added an exclusion for a triggered IPS definition called SMTP STARTTLS Command, the mail now works fully with the Thawte 123 certificate!


I also updated the IPS last week, but that didn't change anything.

So I guess this is a very recent change in the IPS package from Check Point.

Reply

SSL_accept error & lost connection after STARTTLS

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up