Home / server / Questions / 745567
Accepted
ibi0tux
Asked: 2015-12-29 07:08:25 +0800 CST

Exim TLS Error when trying to send mail

  • 772

I have exim installed on my server and I would like to send mails for a website hosted with apache with php's mail() function.
When I try to send an e-mail, I have no error, but the e-mail never arrives. I've checked the exim's logs and I've got this :

2015-12-28 15:51:36 1aDZ96-00052a-5y <= [email protected] U=www-data P=local S=490
2015-12-28 15:51:37 1aDZ96-00052a-5y TLS error on connection to mx2.hotmail.com [65.54.188.72] (recv): The TLS connection was non-properly terminated.
2015-12-28 15:51:37 1aDZ96-00052a-5y TLS error on connection to mx2.hotmail.com [65.54.188.72] (send): The specified session has been invalidated for some reason.
2015-12-28 15:51:37 1aDZ96-00052a-5y ** [email protected] R=dnslookup T=remote_smtp X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256 DN="CN=*.hotmail.com": SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1526: host mx2.hotmail.com [65.54.188.72]: 550 SC-002 (BAY004-MC1F20) Unfortunately, messages from xxx.xxx.xxx.xxx weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.
2015-12-28 15:51:38 1aDZ97-00052f-Uc <= <> R=1aDZ96-00052a-5y U=Debian-exim P=local S=1747
2015-12-28 15:51:38 1aDZ96-00052a-5y Completed

Each try to send an e-mail produces errors like these. I've searched what may cause this. I found that similar errors may occur when a server is blacklisted but there is no reason my server would be (and I've checked with mxtoolbox and there is no problem).

The error posted here shows an hotmail receiver address, but I get likely errors for other target domains like so :

SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1898: host smtp-in.orange.fr [193.252.22.65]: 501 5.1.0 Emetteur invalide. Invalid Sender. O

I've been also told to always une -f option with sendmail to provide a sender address however it only changes the sender address shown in the error log and the error is the same.

What should I do ?

email-server

2 Answers

  1. You're local TLS certificate is likely smaller than 1024 bits. Re-key and make sure to use a keysize of 1024 or 2048. Make sure Exim is using the right new key and you should be good to go.

    • 3
  2. Best Answer

    Here's an explanation of the errors you had encountered:

    1. 2015-12-28 15:51:37 1aDZ96-00052a-5y TLS error on connection to mx2.hotmail.com [65.54.188.72] (send): The specified session has been invalidated for some reason.

    This means that you are trying to use a self-signed SSL-certificate for your server, they shouldn't be used anywhere outside test environment, since most servers on the internet will refuse to connect.

    To use SSL you need to get a properly signed certificate (for example you can get it for free from StartSSL or WoSign.)

    1. 2015-12-28 15:51:37 1aDZ96-00052a-5y ** [email protected] R=dnslookup T=remote_smtp X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256 DN="CN=*.hotmail.com": SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1526: host mx2.hotmail.com [65.54.188.72]: 550 SC-002 (BAY004-MC1F20) Unfortunately, messages from xxx.xxx.xxx.xxx weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors

    This means that you're trying to run a mail server on a home ISP or otherwise compromised network. Most of major mail servers won't accept mail originating from home IPs. You'd have to follow their rules if you want your mail delivered - asking your ISP to go to http://mail.live.com/mail/troubleshooting.aspx#errors and do what Microsoft asks might be the only way to fix it. But first you should contact live.com support yourself and ask what they need to white-list your host.

    Prepare to contact and have lengthy correspondence with every major mail service to get your mail flowing.

    1. SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1898: host smtp-in.orange.fr [193.252.22.65]: 501 5.1.0 Emetteur invalide. Invalid Sender.

    This means that domain you send your mail from doesn't correspond to what orange.fr expect it to be. Check if it has MX records that resolve correctly to the IP that you're sending your e-mail from

    • 2