SMG cannot accept TLS secured connection or negotiate TLS security with some mail servers


Article ID: 160991


Products

Messaging Gateway

Issue/Introduction

Secure message delivery to some mail servers fails or Messaging Gateway fails to negotiate secure connections with servers attempting to connect to it.

Warning-level messages which may appear in the SMG MTA logs. These warnings record only that delivery failed; they do not by themselves identify TLS negotiation as the cause:

Attempted Delivery to: default-non-local-route Tuesday, May 20, 2014 05:02:24 PM EEST 451 4.4.2 [internal] no helo/ehlo response [email protected]
Attempted Delivery to: default-non-local-route Tuesday, May 20, 2014 05:05:40 PM EEST 421 4.4.0 [internal] failed to connect: no mail servers for this domain could be reached at this time [email protected]
Attempted Delivery to: default-non-local-route Tuesday, May 20, 2014 06:54:15 PM EEST 451 4.4.1 [internal] no valid hosts (unable to make any connections) [email protected]

Debug messages which may appear when the MTA log level is set to DEBUG (the second line is OpenSSL reporting that the bytes received on accept were not recognised as an SSL/TLS ClientHello):

2014 Jun 10 17:01:11 EEST (debug) ecelerity: [22792] SSL_connect() = -1 
2023 Apr 28 10:01:12 EEST (debug) ecelerity: [65740]   accept: error: 140760fc error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol


Cause

Possible causes:

  • The remote MTA offers only cipher suites that SMG does not support
  • The two endpoints do not share a common SSL/TLS protocol version, so the handshake fails before certificates are exchanged
  • Messaging Gateway has been configured to disallow earlier versions of SSL or TLS

Resolution

SMG may be unable to negotiate and establish TLS connections with other mail servers, particularly when those servers run older TLS implementations and SMG has been hardened to allow only TLS 1.2 or later under Protocols > Settings > SSL/TLS Settings.

If it is necessary to accept or deliver mail securely to these domains, the SMG MTA minimum TLS protocol level may need to be reduced to accommodate older mail servers that cannot negotiate TLS 1.2. Because this is an MTA-wide setting rather than a per-domain one, lowering it re-enables deprecated protocol versions (TLS 1.0 and 1.1) for every SMTP TLS session, not only for the affected domains. Before lowering it, confirm which protocol versions and cipher suites the remote server actually supports (for example with openssl s_client -starttls smtp against its MX host) and, where possible, ask the remote operator to upgrade instead.
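To work out which domains are affected before touching the global minimum, it helps to parse the MTA log lines quoted above and group failures by recipient domain, and to check whether a remote server's protocol range overlaps SMG's at all. The following is an added example written for this article, not SMG's own code or a Broadcom tool; the sample log lines are constructed from the formats shown above with example.com/example.net recipients, and the version ranges passed to highest_common_tls are assumed inputs that you would obtain from the SMG SSL/TLS Settings page and from probing the remote MX with openssl s_client.

```python
import re
from collections import Counter, defaultdict

# Ordered from weakest to strongest; used to find the highest version both ends allow.
TLS_VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Warning-level "Attempted Delivery" lines, in the format shown in the SMG MTA log.
DELIVERY_RE = re.compile(
    r"^Attempted Delivery to: (?P<route>\S+) (?P<when>.+? [AP]M \S+) "
    r"(?P<code>\d{3}) (?P<esc>\d\.\d\.\d) (?P<text>.*?) (?P<rcpt>\S+@\S+)$"
)

# DEBUG-level ecelerity lines.
DEBUG_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2} \S+) \(debug\) ecelerity: "
    r"\[(?P<pid>\d+)\]\s+(?P<msg>.*)$"
)

# Constructed sample log (not taken from a real system); recipients are placeholders.
SAMPLE_LOG = """\
Attempted Delivery to: default-non-local-route Tuesday, May 20, 2014 05:02:24 PM EEST 451 4.4.2 [internal] no helo/ehlo response user@example.com
Attempted Delivery to: default-non-local-route Tuesday, May 20, 2014 05:05:40 PM EEST 421 4.4.0 [internal] failed to connect: no mail servers for this domain could be reached at this time user@example.net
Attempted Delivery to: default-non-local-route Tuesday, May 20, 2014 06:54:15 PM EEST 451 4.4.1 [internal] no valid hosts (unable to make any connections) other@example.com
2014 Jun 10 17:01:11 EEST (debug) ecelerity: [22792] SSL_connect() = -1
2023 Apr 28 10:01:12 EEST (debug) ecelerity: [65740]   accept: error: 140760fc error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
""".splitlines()


def parse_delivery_warning(line):
    """Return a dict for an 'Attempted Delivery' warning line, or None if it is not one."""
    m = DELIVERY_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["domain"] = rec["rcpt"].rsplit("@", 1)[1].lower()
    return rec


def parse_debug_line(line):
    """Return a dict for an ecelerity debug line, flagging SSL/TLS-related messages."""
    m = DEBUG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["tls_related"] = "SSL" in rec["msg"]
    return rec


def summarize(lines):
    """Group delivery failures by recipient domain (counted per enhanced status code)
    and collect the SSL/TLS debug errors seen in the same log."""
    by_domain = defaultdict(Counter)
    tls_errors = []
    for line in lines:
        rec = parse_delivery_warning(line)
        if rec:
            by_domain[rec["domain"]][rec["esc"]] += 1
            continue
        rec = parse_debug_line(line)
        if rec and rec["tls_related"]:
            tls_errors.append(rec["msg"])
    return {"by_domain": dict(by_domain), "tls_errors": tls_errors}


def highest_common_tls(local, remote):
    """Highest protocol version allowed by both (min, max) ranges, or None when the
    ranges do not overlap, which is the handshake failure this article describes."""
    idx = {v: i for i, v in enumerate(TLS_VERSIONS)}
    lo = max(idx[local[0]], idx[remote[0]])
    hi = min(idx[local[1]], idx[remote[1]])
    return TLS_VERSIONS[hi] if lo <= hi else None


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for domain, codes in sorted(report["by_domain"].items()):
        print(domain, dict(codes))
    for msg in report["tls_errors"]:
        print("TLS:", msg)
    # SMG hardened to TLS 1.2+ versus a remote that only offers TLS 1.0/1.1: no overlap.
    print(highest_common_tls(("TLSv1.2", "TLSv1.3"), ("TLSv1.0", "TLSv1.1")))
```

Run it against a real MTA log export by replacing SAMPLE_LOG with the file's lines; domains that accumulate 4.4.x codes while TLS debug errors appear in the same window are the candidates to probe with openssl s_client before deciding whether lowering the minimum is justified.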

Additional Information