How to Establish Connection Without TLS

[root@testingsmtp ~]# /opt/kumomta/sbin/kcli trace-smtp-server
[139.99.8.38:59486->10.0.0.1:25] === Connected 2024-11-15 08:58:49.072588445 UTC
[139.99.8.38:59486->10.0.0.1:25] === conn_meta hostname=“kumomta.domain.io”
[139.99.8.38:59486->10.0.0.1:25] === conn_meta received_from=“10.0.8.38:59486”
[139.99.8.38:59486->10.0.0.1:25] === conn_meta received_via=“10.0.0.1:25”
[139.99.8.38:59486->10.0.0.1:25] === conn_meta reception_protocol=“ESMTP”
[139.99.8.38:59486->10.0.0.1:25] 17µs ← 220 kumomta.domain.io Welcome to Mailercloud
[139.99.8.38:59486->10.0.0.1:25] 250ms → EHLO localhost
[139.99.8.38:59486->10.0.0.1:25] 250ms === smtp_server_ehlo: Ok
[139.99.8.38:59486->10.0.0.1:25] 250ms ← 250-kumomta.domain.io Aloha localhost
[139.99.8.38:59486->10.0.0.1:25] 250ms ← 250-PIPELINING
[139.99.8.38:59486->10.0.0.1:25] 250ms ← 250-ENHANCEDSTATUSCODES
[139.99.8.38:59486->10.0.0.1:25] 250ms ← 250 STARTTLS
[139.99.8.38:59486->10.0.0.1:25] 500ms → STARTTLS
[139.99.8.38:59486->10.0.0.1:25] 500ms === conn_meta ehlo_domain=“localhost”
[139.99.8.38:59486->10.0.0.1:25] 500ms ← 220 Ready to Start TLS
[139.99.8.38:59486->10.0.0.1:25] 1s === ERROR: error reading: Connection reset by peer (os error 104)
[139.99.8.38:59486->10.0.0.1:25] 1s === Closed

This is the result after troubleshooting

That clearly shows your client application requested STARTTLS.

please tell me is your certificate wildcard or single??

Reason of asking I can see others threads where it’s valid for on domain but not for other so my guess would be you have generated only single domain certificate

yes. this is single domain certificate

Assuming this is working and will close