Symptoms
The Exim error_log shows messages similar to the following:
TLS error on connection from [192.168.1.1]:47082 (SSL_accept (TLSv1.2)): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Description
The error is caused by an email client attempting to connect to a server that does not support the TLS protocols that are currently enabled.
Workaround
The most secure option is to use an email client that supports TLS 1.2 or newer security protocols. The protocols and ciphers currently enabled on the server can be checked with the following command:
nmap -sV --script ssl-enum-ciphers -p 465,993 [server]
Replace the "[server]" string with the server's IP or the affected domain.
We have additional information on how to adjust your server's SSL protocols here:
How to Update Ciphers and TLS Protocols