Messaging Gateway

  • 1.  SMG fails to receive email when Opportunistic TLS is used

    Posted Jul 21, 2015 09:06 AM

    When a client who uses Mimecast emails us, and Mimecast uses opportunistic TLS, SMG rejects the messages with a retry later.

    The message header contains a failed TLS negotiation:

    Unable to initiate TLS - Possible CA Problem - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    INFO |0716-101804 070|...|||Error Code|21040|Socket closed

    The SMG is running the latest updates, 10.5.2.

    We can email the client fine. Anyone else experiencing issues with this or similar?

    Why is SMG not falling back to clear if TLS negotiation fails? Why is TLS failing?

    Thank you in advance.


  • 2.  RE: SMG fails to receive email when Opportunistic TLS is used
    Best Answer

    Posted Jul 22, 2015 07:05 AM

    I will answer my own question in the absence of any other response (as seems common on this forum).

    The bottom line is TLS is broken in SMG. It cannot cope with strict enforcement; I needed Mimecast to make an exception and relax the TLS to our domain.

    The bugs and issues in this product are quite frankly staggering, given we are supposed to be on version 10.

    See here

    https://support.symantec.com/en_US/article.TECH228576.html

    And here for more info on the TLS situation in SMG

    http://www.symantec.com/connect/articles/symantec-messaging-gateway-and-tls-post-poodle-internet

    What I find most frustrating is that Mimecast can get the implementation right and handle this well, yet SMG cannot.