[01:13] <BCB> I'm connecting from a server in the cloud to a server on the ground to send an email through port 587
[01:13] <BCB> from the command line: openssl s_client -connect server.my-grounded-server.net:587
[01:13] <BCB> the response is: 140185774434048:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
[01:18] <sarnold> try using s_client -tls1_1   .. -tls1_2 etc kinds of flags; search for -bugs in the s_client manpage for a few more ideas to try
[01:20] <BCB> I ran this: openssl  s_client -tls1_1 -connect server.my-grounded-server.net:587
[01:20] <BCB> and it returned:140117241747200:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
[01:22] <BCB> sarnold: any thoughts
[01:23] <sarnold> keep trying the various flags mentioned near -bugs in the manpage, one of them might work
[01:23] <BCB> copy
[01:27] <BCB> sarnold all of these flags are failing.  Does the flag go after openssl OR  s_client OR  -connect ??
[01:32] <sarnold> BCB: after s_client -- eg: openssl s_client -tls1_2 -connect irc.oftc.net:6697
[01:45] <BCB> sarnold no chances.  It is also reporting: no peer certificate available AND No client certificate CA names sent
[01:46] <sarnold> BCB: dang. I was hoping that one of those would just fix it for you :/
[01:46] <BCB> *changes
[01:46] <BCB> me too!
[01:47] <sarnold> BCB: 'no peer certificate' makes sense, because the TLS session negotiation failed to agree on even the basic version of TLS to use
[01:47] <sarnold> BCB: 'no client certificate' makes sense, you didn't use -cert ... and -key ... to request one to be used
[01:49] <BCB> sarnold: the openssl connection works on port :443 but NOT on port :567
[01:49] <BCB> *587
[01:50] <BCB> sarnold let me check my certs on the grounded server
[01:50] <sarnold> BCB: ohh, promising
[01:53] <BCB> sarnold seem to be all good.  that server got A+ on Qualys SSL Labs server test???
[01:54] <BCB> sarnold so I ~don't~ think it's a certificate issue.
[01:54] <sarnold> BCB: hmm, strange, I thought qualys only checked HTTPS and didn't do anything for submission
[01:56] <BCB> my submission used my ssl cert for the site
[01:56] <BCB> *uses
[01:57] <sarnold> sure, but afaik qualys can't tell you if you've got your MTA configured correctly..
[01:59] <BCB> sarnold mxtoolbox shows all good when I test my mailserver there.  Maybe it is on the sending server.
[02:02] <sarnold> BCB: do your system logs show them testing port 587? or just 25?
[02:09] <BCB> sarnold what do you mean "testing"  the mail server is set up to receive submissions on 587
[02:09] <sarnold> BCB: whatever it is that mxtoolbox does
[02:43] <kenyon> BCB: usually you have to do -starttls with submission, it doesn't do TLS directly
[02:44] <kenyon> `-starttls smtp`
[02:45] <sarnold> OH MAN
[02:45] <sarnold> can't believe I forgot that :(
[02:47] <BCB> kenyon someone on #postfix just told me that!  But why did the cmd with out '-starttls smtp' work previously ??
[02:47] <BCB> kenyon I don't understand why it is failing now.
[02:48] <kenyon> BCB: maybe you weren't testing against an smtp server before
[02:48] <kenyon> or you were testing with smtps port 465 which does direct TLS
[02:49] <BCB> kenyon no it was on a production server that worked fine
[02:49] <BCB> nope  port 587 for ever
[02:49] <BCB> ANYWAY I'm using phpmailer.  Now how do I tell that use use '-starttls smtp' when making the connections??
[02:53] <BCB> kenyon my emailserver supports STARTTLS https://pastbin.net/raw/untitled-404
[02:53] <kenyon> BCB: looks like you do `$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;`
[02:53] <BCB> kenyon: thanks.  let me try that
[02:53] <BCB> kenyon: did you get that from a link on the web??'
[02:54] <kenyon> BCB: just read the source
[02:54] <kenyon> https://github.com/PHPMailer/PHPMailer/blob/a69cfb1860c36f607d0822ee88d8a67da35fa5d8/src/PHPMailer.php and https://github.com/PHPMailer/PHPMailer/blob/master/examples/ssl_options.phps
[02:54] <BCB> kenyon yes I was poking around in there.  Thank you!
[02:58] <BCB> kenyon those examples show '$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;' NOT $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTLS;'
[02:58] <BCB> where did you see that cmd
[02:58] <kenyon> BCB: this is not really relevant to this channel now, but in the first link I gave, that constant is defined
[02:59] <BCB> kenyon Copy.  Thank you!
[17:19] <eb3095_> Hello, I'm from Vultr. We are having issues with the repos blocking our IP space. Can I get more information on this and how to get this resolved as quickly as possible? All our Ubuntu images are failing to deploy at this time because of this issue.
[17:47] <sdeziel> eb3095_: I'm not sure but I think #ubuntu-mirrors would be a better place to ask
[17:49] <eb3095_> Great thanks, wasnt exactly sure