I have sent emails to known good addresses which have consistently been undelivered with no error messages. Emails to State Farm, Sky.com and others were not delivered. State Farm support investigated and told me Hughes net does not use TLS 1.2 security protocols and they reject any emails from anyone not using TLS 1.2 or above.
I use Thunderbird (and myhughesnet webmail) and tried both SMARTTLS and SSL/TLS SMTP protocols with no resolution. Using https://www.checktls.com/TestReceiver app it fails as seen in the attached screen shots. So is the Hughes net email server really wide open with no TLS or encryption security protocols to the outside world or is it something in Thunderbird?
Given the information from State Farm and CheckTLS I suspect its the Hughes net server. No TLS, No Certificate, Flagged as not secure? Anyone else get the same results from CheckTLS.com or is it just me? Any help appreciated.
Are you certain it's mx? Generally outgoing mail comes from smtp.hughes.net, and incoming to mail.hughes.net. I have no idea how State Farm came up with any of that information. Try testing 220.127.116.11 (smtp.hughes.net) on that site. The only issue appears to be cert. TLS is fine.
Think the issue you're running into has nothing to do with Synacor's general admin of the server. It likely has to do with RBL blocking and they're currently listed on bl.emailbasura.org, dnsbl-1.uceprotect.net, dnsbl.sorbs.net, spam.dnsbl.sorbs.net.
I tried replying to your post but it never showed up so I'll try again. Yes I use the correct IP for smtp.hughes.net as shown in the mail log response from State Farm:
Here is a log excerpt from state farm for an attempted email from hughes.net
Oct 28 15:24:18 postfix/smtpd: connect from smtp.hughes.net[18.104.22.168]
Oct 28 15:24:19 postfix/smtpd: SSL_accept error from smtp.hughes.net[22.214.171.124]
Oct 28 15:24:19 postfix/smtpd: lost connection after STARTTLS from smtp.hughes.net[126.96.36.199]
Oct 28 15:24:19 postfix/smtpd: disconnect from smtp.hughes.net[188.8.131.52]
State Farm also commented:
"This email delivery issue from hughes.net is related to TLS, which is an email security protocol used to send/receive email over the Internet. Hughes.net appears to be configured to send email to State Farm using TLSv1.0. However, we are required to send and receive TLS-encrypted emails using TLS 1.2 or higher. We are no longer able to send or receive SSL v3.0 or TLS 1.0/1.1 emails"
I found a thread on the Postfix Email admin forum commenting on the recent migration from smtp.hughes.net to mx.hughes.net:
"Beginning in March '19 Messages are being tossed without ever having been accepted.
It doesn’t give you a link explaining what’s happened or why.
If they’re greylisting, it’s not being done correctly.
If they’re blacklisting, they should say so with a 5xx response and explain why (reputation, RBL, DKIM, SPF, etc).
I noticed that before this happened, smtp.hughes.net used to receive email (i.e. be their MXer), then it got switched to mx.hughes.net and this started happening"
So looks like email outsourcing to a more cost effective (cheaper) service or configuration may be the culprit - when you say in your reply "TLS works" were you able to confirm the version level was TLS 1.0 or TLS 1.2? The hughes net domain no longer reports the smtp.hughes.net server according to uptime.com/hughesnet.com or tlscheck.com/hughesnet.com.
Mail to AOL does not go through (other folks report this) and outlook.com bins hughesnet email into the spam bucket. Since the change to mx.hughes.net my spam level soared to ~30% so guess its time to migrate to a new email service 8^(
I may have jumped the gun on TLS. The stoplight status showed TLS passed.
Upon looking at the detail, it is indeed TLSv1, which I'll assume is 1.0, not 1.2. 😱
As far as smtp.* not being reported, try sending an email from your HN account to another account. Think you'll find it's still using smtp.hughes.net regardless of any purported switchover.
Sent lots of tests emails from my hughes email accounts with the same result - no delivery, no return error, nothing.
smtp.hughes.net became an issue when it moved to mx.hughes.net and will contunue to fail until it is updated to a version of TLS that receving email servers will accept. At this time that is TLS 1.2 - Hughesnet mail is at TLS 1.0
So unless Hughesnet mail servers are updated to TLS 1.2 this problem is never going to get fixed. What does the Moderator or the email SysAdmins say about this topic? I'm sure they are very aware of the problem but probably don't have the budget from Corporate to upgrade.
And as I posted before the spam level is very high now since mx.hughes.com migration and is forcing me to move from Hughesnet email anyway.
So that will fix two problems for me - guaranteed email delivery to anyone and no/lower spam.
Time to pound the keyboard and move on.