reason: 403 4.7.0 TLS handshake failed

There is likely a mismatch between the ciphers that are supported by your server, and those supported by the recipient's server.

On a given connection, once the initiating server attempts to STARTTLS, there's no going back. (It doesn't have to necessarily attempt STARTTLS, but once it does, the state of the connection is forever altered.)

If the mismatch of the ciphers occurs, then the connection cannot proceed and, as per above, there's no going back to the pre-TLS state, so you just have to abandon the connection and retry.

Supposedly, proper software should retry without STARTTLS in such situations, according to most of the specs of the protocols that support a StartTLS extension, but it's not entirely clear whether most software implements such retries or not.

So it turns out that I had seen this with other servers, with a common thread that all affected domains were using Outlook. I looked into this more and found that my email cert had expired. I fixed that and all is well.
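The two causes discussed in this thread (a cipher/protocol mismatch during the STARTTLS handshake, and an expired certificate) can both be checked from the outside before the next bounce arrives. The following is an added diagnostic script, not code from any of the posters: it connects to a mail server, issues STARTTLS with the platform's default trust store, and reports the negotiated protocol, cipher and certificate expiry, or the verification/handshake failure reason. The host `mail.example.org` and the `probe.example` EHLO name are placeholders.

```python
import smtplib
import ssl
import sys
import time


def cert_expired(not_after, now_ts=None):
    """True if the notAfter string from getpeercert() (e.g. 'Jan  5 09:34:43 2018 GMT')
    lies before now_ts (POSIX seconds; defaults to the current time)."""
    expires = ssl.cert_time_to_seconds(not_after)
    if now_ts is None:
        now_ts = time.time()
    return expires < now_ts


def check_starttls(host, port=25, ehlo_name="probe.example", timeout=10):
    """Probe one MX host the way a sending MTA would and describe the outcome."""
    ctx = ssl.create_default_context()  # system CA store, hostname checking on
    with smtplib.SMTP(host, port, local_hostname=ehlo_name, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls_offered": False}
        try:
            smtp.starttls(context=ctx)
        except ssl.SSLCertVerificationError as exc:
            # Handshake completed but the chain was rejected, e.g. 'certificate has expired'
            return {"starttls_offered": True, "handshake": True,
                    "verified": False, "reason": exc.verify_message}
        except ssl.SSLError as exc:
            # No protocol/cipher overlap shows up here (e.g. 'NO_PROTOCOLS_AVAILABLE')
            return {"starttls_offered": True, "handshake": False, "reason": exc.reason}
        sock = smtp.sock
        cert = sock.getpeercert()
        return {
            "starttls_offered": True, "handshake": True, "verified": True,
            "protocol": sock.version(),
            "cipher": sock.cipher()[0],
            "not_after": cert["notAfter"],
            "expired": cert_expired(cert["notAfter"]),
        }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"  # placeholder host
    for key, value in check_starttls(target).items():
        print(f"{key}: {value}")
```

Run it against your own MX as well as the remote one: an `expired: True` or `reason: certificate has expired` line points at the cause found in the last post, while a `handshake: False` result points at the cipher mismatch described in the answer.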