Massive Problems with receiving mails from outbound.protection.outlook.com

[Henning Hucke]

Dear fellows,

for one or the other month in the past but for shure in a raising
manner in the last few weeks i've problems to receive mails which are
emitted by microsoft systems below the domain

outbound.protection.outlook.com

and currently only could work around the problem by disabling STARTTLS
for these systems with the "Srv_Features: S" setting.

The problem triggers log lines like

... STARTTLS=server, error: accept failed=-1, reason=unknown, SSL_error=5, errno=0, retry=-1, relay=mail-fr2deu01on2061c.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e24:0:0:0:61c]

and even persists with a cipher list of "DEFAULT:@SECLEVEL=0".

Does anybody have setting which allow encrypted STARTTLS initiated mail
exchange with and especially mail reception from these creepy microsoft
systems?

Best rergards
Henning
--
Can't open /usr/fortunes. Lid stuck on cookie jar.

[Claus Aßmann]

Henning Hucke wrote:

> outbound.protection.outlook.com

> and currently only could work around the problem by disabling STARTTLS

More info is needed...

Do you use (too) short timeouts?
How good is your network connectivity (esp. to M$)?

What is your TLS setup?
Which OpenSSL version do you use?
What kind of certs do you use and do you have any special settings?

> and even persists with a cipher list of "DEFAULT:@SECLEVEL=0".

AFAICT the defaults are working just fine, no modifications
of any TLS related options are needed.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.