See the follwoing SMTP dialog:
... Connecting to mail.snafu.com. via esmtp... 220 mhnicosi-unix.fubar.it ESMTP >>> EHLO mx1.example.it 250-mhnicosi-unix.fubar.it 250-AUTH=LOGIN CRAM-MD5 PLAIN 250-AUTH LOGIN CRAM-MD5 PLAIN 250-STARTTLS 250-PIPELINING 250 8BITMIME >>>; STARTTLS 220 2.0.0 Ready to start TLS EHLO mx1.example.it ... Deferred: Connection reset by mail.snafu.com. Closing connection to mail.snafu.com.
See the problem here? The receiving server shuts down the connection - possibly because it's not prepared to negotiate TLS with our server, sendmail queues the message and, on the next delivery, will go through the same motions in perpetuum.
I got the solution from this post of Mike Berggren. Basically, either stick
- Try_TLS: No
- Try_TLS:[host designation] NO
Mike points out that adding the M=S flag to the CLIENT_OPTIONS macro in sendmail.mc has the same (global)) effect:
- CLIENT_OPTIONS(`Family=inet, M=S, Addr=22.214.171.124’)dnl