
Topic: Inbound Email Delivery Issue – TLS Mode Mismatch (Implicit TLS vs STARTTLS)

by cre8tress on Thursday, September 18, 2025

Hello Dynu Support,

I am troubleshooting inbound email with your Store/Forward service. My server is correctly accepting implicit TLS connections, but your relays appear to attempt STARTTLS. This causes TLS handshakes to fail, which is unrelated to authentication.

Evidence:

My server accepts implicit TLS on port 2525 (working test):
openssl s_client -connect server.petadorn.com:2525 -servername server.petadorn.com </dev/null
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=R13
verify return:1
depth=0 CN=server.petadorn.com
verify return:1
---
Certificate chain
0 s:CN=server.petadorn.com
i:C=US, O=Let's Encrypt, CN=R13
...
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)

This shows the certificate (CN=server.petadorn.com) is valid and TLS negotiation succeeds.

Exim log shows STARTTLS attempts failing (not authentication):
2025-09-18 23:10:29 TLS error on connection from www.dynu.com [162.216.242.29]:59728 (SSL_accept): error:0A000126:SSL routines::unexpected eof while reading
2025-09-18 23:19:48 TLS error on connection from www.dynu.com [162.216.242.29]:59750 (SSL_accept): error:0A000126:SSL routines::unexpected eof while reading
2025-09-18 23:27:34 TLS error on connection from [192.168.0.112]:60170 (SSL_accept): timed out

These errors happen when your relay connects using STARTTLS against a port configured for implicit TLS. That is a mode mismatch, not a username/password issue.

Request:

Please confirm that your MX servers (mx1.dynu.com and mx2.dynu.com) can deliver to my server (server.petadorn.com) on port 2525 (or 26) using SSL/TLS (implicit) instead of STARTTLS.

If you test delivery with implicit TLS, the handshake will succeed, and mail should flow correctly.

Thank you,
Pamela

Friday, September 19, 2025 2:28 AM
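
A small triage script for the Exim "TLS error on connection from" lines quoted in the post, added here as an illustration; it is not part of the original post and not Dynu or Exim tooling. It groups handshake failures by peer and failure type and marks peers in private address ranges. The log lines are copied from the post; the function names and category labels are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Log lines copied from the post above (Exim mainlog format).
SAMPLE_LOG = """\
2025-09-18 23:10:29 TLS error on connection from www.dynu.com [162.216.242.29]:59728 (SSL_accept): error:0A000126:SSL routines::unexpected eof while reading
2025-09-18 23:19:48 TLS error on connection from www.dynu.com [162.216.242.29]:59750 (SSL_accept): error:0A000126:SSL routines::unexpected eof while reading
2025-09-18 23:27:34 TLS error on connection from [192.168.0.112]:60170 (SSL_accept): timed out
"""

# The reverse-DNS host name before the bracketed IP is optional in these lines.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) TLS error on connection from "
    r"(?:(?P<host>\S+) )?\[(?P<ip>[^\]]+)\]:(?P<port>\d+) "
    r"\((?P<call>\w+)\): (?P<reason>.*)$"
)

def classify(reason):
    """Map the reason text to what the peer did (labels are this example's own)."""
    if "unexpected eof" in reason:
        return "peer-closed-mid-handshake"   # peer hung up before the handshake finished
    if "timed out" in reason:
        return "peer-silent-until-timeout"   # handshake did not complete before the timeout
    return "other"

def parse(log_text):
    """Return one dict per TLS error line; other log lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["port"] = int(ev["port"])
        ev["kind"] = classify(ev["reason"])
        ev["private"] = ipaddress.ip_address(ev["ip"]).is_private
        events.append(ev)
    return events

def summarize(events):
    """Count failures per (peer IP, failure kind)."""
    return Counter((e["ip"], e["kind"]) for e in events)

if __name__ == "__main__":
    for (ip, kind), n in sorted(summarize(parse(SAMPLE_LOG)).items()):
        scope = "private" if ipaddress.ip_address(ip).is_private else "public"
        print(f"{ip:<16} {scope:<8} {kind:<28} x{n}")
```

On the three quoted lines, the two "unexpected eof" failures come from 162.216.242.29, while the "timed out" failure comes from 192.168.0.112, a private address.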