This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Alexis Quetjipyter
Aug 12, 2014, 12:51 PM
46 Posts
topic has been resolvedResolved

TLS Command unrecognized

  • Category: Mail
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags: STARTTLS,1046h,handshake error
  • Replies: 4

Good morning everyone

 

I had configured TLS on a domino server following this instructions

https://www-304.ibm.com/support/docview.wss?uid=swg21108352

 

Everything was working fine until yesterday, when just one domain (so far) is giving me an error:

 

[1634:0014-12A0] 08/12/2014 09:41:19 AM  [1634:0014-12A0] SMTPClient: Attempting to Connect: Host xxxxx.xxxxxxx.COM, Port 25, SSL Port 0, Connecting Domain mail.xxxxx.com
[1634:0014-12A0] 08/12/2014 09:41:19 AM  [1634:0014-12A0] SMTPClient: Connection successful
[1634:0014-12A0] 08/12/2014 09:41:19 AM  [1634:0014-12A0] SMTPClient: ReceiveResponse: 220 xxxxxxx.xxxxxxx.com Blah blah blah Mail Gateway
[1634:0014-12A0] 08/12/2014 09:41:19 AM  [1634:0014-12A0] SMTPClient: CommandEHLO: EHLO mail.xxxxxxx.com
[1634:0014-12A0] 08/12/2014 09:41:21 AM  [1634:0014-12A0] SMTPClient: ReceiveResponse: 250-xxxxxxx.xxxxxxx.com Hello mail.xxxxxx.com (IP Address)
[1634:0014-12A0] 08/12/2014 09:41:21 AM  [1634:0014-12A0] SMTPClient: ReceiveResponse: 250-STARTTLS
[1634:0014-12A0] 08/12/2014 09:41:21 AM  [1634:0014-12A0] SMTPClient: ReceiveResponse: 250 SIZE
[1634:0014-12A0] 08/12/2014 09:41:21 AM  [1634:0014-12A0] SMTPClient: CommandSTARTTLS: STARTTLS
[1634:0014-12A0] 08/12/2014 09:41:21 AM  [1634:0014-12A0] SMTPClient: ReceiveResponse: 220 Ready to start TLS
[1634:0014-12A0] 08/12/2014 09:41:21 AM  [1634:0014-12A0] SMTPClient: SSL handshake error: 1046h
[1634:0014-12A0] 08/12/2014 09:41:21 AM  [1634:0014-12A0] SMTPClient: Attempting to Disconnect:
[1634:0014-12A0] 08/12/2014 09:41:21 AM  [1634:0014-12A0] SMTPClient: CommandQUIT:
[1634:0014-12A0] 08/12/2014 09:41:22 AM  [1634:0014-12A0] SMTPClient: ReceiveResponse: 500 Command unrecognized "
[1634:0014-12A0] 08/12/2014 09:41:22 AM  [1634:0014-12A0] SMTPClient: Connection terminated with status: 15084
[1634:0014-12A0] 08/12/2014 09:41:22 AM  Router: No messages transferred to xxxxxxx.xxxxxxx.com (host xxxxxxx.xxxxxxx.com) via SMTP: SSL Error: Invalid SSL message
 

I tried to google it, but I didn't find too much about this. This is the only domain wich I'm having problems with. Other domains are working fine.

I made a test on this site: http://www.checktls.com/perl/TestReceiver.pl?FULL

It seems OK too

 

Any advice?

Thank you

~Phil Nonhipigenikle
Aug 12, 2014, 2:29 PM
26 Posts
check the other end

Since it's only happening for 1 domain I would suggest checking with the mail admin on the receiving end to see if they have any special configuration.  Port configuration may be a good place to look.  If the receiving domain attempts to send an SSL encrypted message to you does it come through OK?

~Fred Deslubergynds
Aug 12, 2014, 2:43 PM
59 Posts
workaround

I don't know how to fix the SSL problem (I see these with some smtp servers, too), but you can keep the mail flowing by adding 

RouterFallbackNonTLS=1

to the server's notes.ini. It tells SMTP to send the mail without TLS if TLS fails.

mentioned in the 'note' at the end of this KB article

http://www-01.ibm.com/support/docview.wss?uid=swg21570039

~Alexis Quetjipyter
Aug 12, 2014, 5:21 PM
46 Posts
Thanks

I'm going to try that.

 

Thank you both for your comments!

 

Edit: It worked with Stuart solution. Thanks!

~Ned Umlutherettu
Aug 18, 2014, 8:18 PM
113 Posts
465 instead of TLS?
The other times Ive seen that 1046h ssl handshake error was due to attempt over the old secure 465 port instead of TLS over 25,
see if toggling that port in your server document -> ports-> internet ports->mail has any effect

This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal