These issues here that are being seen have led us to go through the following actions without any resolution now for more than 3 months.
1) TLS on or off, doesn't matter which settings are used - same issues.
2) IIS Crypto best practices - no change.
3) We have edited the registry to ensure that .NET 4 uses the defaults, and that the various versions are enabled or disabled - no difference.
4) We have gone through all the settings in SmarterMail and resaved everything - same issues.
5) Brand new install of Windows 16 with latest SM100 - same issues.
We have had a ticket opened for 3 months without resolution to this issue. What worries me is we were running SM 12.x, SM 15.x for 14 years without issues. In November last year we upgraded our main servers to SM100, and the SM12 server we upgraded to SM 15.7 latest version, and then we started noticing this issue on all the gateways and servers. We thought it was an issue specific to certain servers, as other servers had no issues. The main issue is seen to Xneelo's servers in Cape Town; we also picked up a few to 2 other ISPs. The common factor is it's Exim4 on these servers. We have contacted all of these parties to investigate and they can't identify specific issues on their side.
We did do Wireshark traces, and there are some network retries that do happen, but this is normal for networks to see these. My question for SM is the following.
1) Why are these emails started to send, the TLS command is given, and that is where it ends? No further communications, NO retries of these emails; you cannot force them, you cannot reset the retry count, etc. But if you restart the SM service then these emails are sent fine 100%. We have lost loads of customers due to this issue, and I feel it is being put on us to look into it rather than SM investigating it further. A while before this we had another issue, and we were informed that TLS 1 and 1.1 were becoming end of life and we should disable these, but there are still ISPs using TLS 1.1.
2) When we test the server using the qualitylabs SSL tests, if we test the webserver it checks out our server and all ciphers etc. are available and tested, and we can obtain a level A rating if we turn off TLS 1.1, but for backward compatibility we leave it on and we are ranked a B. But if you test the SM server, i.e. SMTP, then the weak protocols are used and some stronger protocols are not seen. Why is SM ignoring these ciphers?
In my opinion the latest releases of SM 15.7 and the latest SM100 have some serious issues related to TLS and there is no resolution for it.
Another issue we are seeing is we started seeing SM fail reverse DNS on certain servers; however, Declude and SpamAssassin pass reverse DNS with no problem. The servers connecting to us are IPv4 servers, we use IPv4 and we do not have IPv6 enabled on SM, but the reverse DNS fails because SM is trying to look up the remote server using IPv6 protocols. This ticket is also 3 months old and we also started experiencing this issue only after upgrading.
We also run some other MTAs running on Linux; these do not see the same issues experienced with SM 15.7 latest and SM100. We also have an SM12 server running as a spool server; this doesn't see the same issues either.
Just an update: we were only seeing this happening on mails being delivered from our servers outbound. I found 3 messages today in this state inbound, so they have been received and have not been delivered to the mailbox on the same server. This is where the log stopped for this message.
[2021.02.23] 13:34:28.125 [48367786] Spam Checks completed.
[2021.02.23] 13:34:28.125 [48367786] Removed from SpamCheckQueue (93 queued or processing)
[2021.02.23] 13:34:28.735 [48367786] Added to LocalDeliveryQueue (1 queued; 1/50 processing)
[2021.02.23] 13:34:28.735 [48367786] [LocalDeliveryQueue] Begin Processing.
[2021.02.23] 13:34:28.735 [48367786] Starting local delivery to dmarc@hostworx.co.za
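
Added example, not part of the original post and not SmarterMail code: a Python check that reads delivery-log lines in the layout of the excerpt above and reports message IDs whose last entry is a start-of-work line ("Begin Processing", "Starting local delivery to") with nothing logged after it for longer than a threshold. The function names, the 10-minute threshold, and message 48367790 in the sample (including its "Delivery finished" line) are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout taken from the excerpt in the post: [YYYY.MM.DD] HH:MM:SS.mmm [id] text
LINE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2})\] (\d{2}:\d{2}:\d{2}\.\d{3}) \[(\d+)\] (.*)$")

# Phrases from the excerpt that announce work and should be followed by more lines.
OPEN_MARKERS = ("Begin Processing", "Starting local delivery to")

# First five lines are from the post; message 48367790 is constructed, and its
# "Delivery finished" text is a made-up stand-in, not real SmarterMail output.
SAMPLE_LOG = """\
[2021.02.23] 13:34:28.125 [48367786] Spam Checks completed.
[2021.02.23] 13:34:28.125 [48367786] Removed from SpamCheckQueue (93 queued or processing)
[2021.02.23] 13:34:28.735 [48367786] Added to LocalDeliveryQueue (1 queued; 1/50 processing)
[2021.02.23] 13:34:28.735 [48367786] [LocalDeliveryQueue] Begin Processing.
[2021.02.23] 13:34:28.735 [48367786] Starting local delivery to dmarc@hostworx.co.za
[2021.02.23] 13:34:29.010 [48367790] [LocalDeliveryQueue] Begin Processing.
[2021.02.23] 13:34:29.010 [48367790] Starting local delivery to user@example.com
[2021.02.23] 13:34:29.400 [48367790] Delivery finished
"""

def parse_line(line):
    """Return (timestamp, message_id, text), or None for lines in another layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    day, clock, msg_id, text = m.groups()
    return datetime.strptime(f"{day} {clock}", "%Y.%m.%d %H:%M:%S.%f"), msg_id, text

def find_stalled(lines, now, max_silence=timedelta(minutes=10)):
    """List (id, last_seen, last_text) for messages that went quiet mid-delivery."""
    last = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, msg_id, text = parsed
        # On equal timestamps the later line in the file wins.
        if msg_id not in last or ts >= last[msg_id][0]:
            last[msg_id] = (ts, text)
    stalled = [(i, ts, text) for i, (ts, text) in last.items()
               if now - ts > max_silence and any(m in text for m in OPEN_MARKERS)]
    return sorted(stalled, key=lambda item: item[1])

if __name__ == "__main__":
    for msg_id, ts, text in find_stalled(SAMPLE_LOG.splitlines(), datetime(2021, 2, 23, 14, 0)):
        print(f"{msg_id} silent since {ts}: {text}")
```

Run against the delivery log on a schedule, passing the current time as `now`, the output gives a list of message IDs and last-seen timestamps that can be attached to a support ticket or used to alert before a service restart is needed.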