Hi All,
I have a ticket logged with Symantec regarding this, but wondering if anyone else has seen this issue. A client using Mimecast to send/receive email is having issues sending us email via enforced TLS. Roughly 50-70% of the email is rejected as it is not seen as sent using TLS our side. On investigation using the TCPdump during testing, i can see the rejected messages are when a previous TLS session is used, rather than establishing a new TLS session.
Our side (the SMG) responds to the request to re use a session with the correct session ID as per the RFC on page 36 but according to the logs mimecast sent, at the point of the 2nd HELO once the session is established (or reused in this case), our side drops the conneciton as the STARTTLS is not included in the options from the sender.
Has anyone else seen this sort of issue, where enforced TLS sometimes works, sometimes doesn't?, we're running 10.5.3-4 on VMware, rebooted our affected host last night but see the same problem. Waiting on Symatec to comment on my ticket after uploading my latest test data and findings.
Andy