problems receiving email from specific provider(TLS error)
Problem reported by gmcleary - December 11, 2016 at 12:47 PM
We are having issues receiving email from a specific provider.  Below are the log entries.  For some reason only when email is sent from this provider, it does not go through.  Any guidance would be appreciated. 
------------------------------bounced back message to the recipient------------------------------------------------------

Reporting-MTA: dns; vml905.mailserver.com

Final-recipient: RFC822; someone@domainname.com
Action: failed
Status: 4.4.7
X-Supplementary-Info: < #4.4.7 SMTP; 403 4.7.0 TLS handshake failed.>

---------------------message from log file-----------------------------------------------------------
2016.12.09] 13:00:21 [xxx.xxx.xxx.xxx][63050712] rsp: 220 mail.mailserver.com
[2016.12.09] 13:00:21 [xxx.xxx.xxx.xxx][63050712] connected at 12/9/2016 1:00:21 PM
[2016.12.09] 13:00:21 [xxx.xxx.xxx.xxx][63050712] cmd: EHLO vml905.domainname.com
[2016.12.09] 13:00:21 [xxx.xxx.xxx.xxx][63050712] rsp: 250-mail.domaname.com Hello [xxx.xxx.xxx.142]250-SIZE 15728640250-AUTH LOGIN CRAM-MD5250-STARTTLS250 OK
[2016.12.09] 13:00:21 [xxx.xxx.xxx.xxx][63050712] cmd: STARTTLS
[2016.12.09] 13:00:21 [xxx.xxx.xxx.xxx][63050712] rsp: 220 Start TLS negotiation
[2016.12.09] 13:00:21 [xxx.xxx.xxx.xxx][63050712] Exception negotiating TLS session: System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The token supplied to the function is invalid
[2016.12.09] 13:00:21 [xxx.xxx.xxx.xxx][63050712] disconnected at 12/9/2016 1:00:21 PM

1 Reply

Reply to Thread
Rod Lasky Replied
December 12, 2016 at 8:38 AM
Employee Post
Hello Gmcleary.  This is probably due to a TLS issue with the sending mail server.  You can test this using OpenSSL with the following command:
s_client -starttls smtp -crlf -connect mail.sendingdomain.com:25
With Windows, you'll need to install OpenSSL, on a Mac this is supported natively.  In a console, type OpenSSL.  I hope this helps.
Rod Lasky
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278

Reply to Thread