[BlueOnyx:13526] Re: TLS message: tlsv1 alert insufficient security:s3_pkt.c:1092:SSL alert number 71
Dirk Estenfeld
dirk.estenfeld at bpanet.de
Tue Aug 13 08:45:33 -05 2013
Hello,
never ending story....
Still problems whith sendmail/TLS hat 5106R
If I use a certificate file which includes certificate and key
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/ sendmail.pem ')
apple mail clients can send their emails with ssl enabled. But with gmx and web.de I get the error errormessage:
Aug 13 15:38:07 server sendmail[16630]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1
Aug 13 15:38:07 server sendmail[16630]: STARTTLS=server: 16630:error:1409442F:SSL routines:SSL3_READ_BYTES:tlsv1 alert insufficient security:s3_pkt.c:1092:SSL alert number 71
Aug 13 15:38:07 server sendmail[16630]: r7DDc6Mm016630: mout.web.de [212.227.17.11] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
If I separate certificate and key into two files
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmailkey.pem')
Server will receive emails from web.de and gmx but apple mail clients can not send and I see in /var/log/maillog
Aug 13 15:35:06 server sendmail[16393]: STARTTLS=server, relay=tmo-096-42.customers.d1-online.com [1.2.3.4], version=TLSv1/SSLv3, verify=NO, cipher=AES128-SHA, bits=128/128
Aug 13 15:35:07 server sendmail[16393]: r7DDYwvh016393: tmo-096-42.customers.d1-online.com [1.2.3.4] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
I also tried
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmailkey.pem')
define(`confCLIENT_CERT',`/usr/share/ssl/certs/sendmailclient.pem')
define(`confCLIENT_KEY',`/usr/share/ssl/certs/sendmailclient.pem')
and hoped that I found the solution to separate servers and clients. But in this case web.de and gmx mails can not be received.
What can I do to get mails from web.de and gmx and have apple mail clients to send their emails.
What seperates the 5106R (where I have the issues) from the 5108R (where I do not have the issues)?
Best regards,
Dirk
-----------------------------------------------
Black Point Arts Internet Solutions GmbH - Hanauer Landstrasse 423a - 60314 Frankfurt
More information about the Blueonyx
mailing list