[BlueOnyx:17789] Re: Base Email Update And dnsexit.com Mail Relay
Michael Stauber
mstauber at blueonyx.it
Mon Jun 15 12:15:28 -05 2015
Hi Phil,
> If it of any help, we just got a bounce back from dnsexit.com and it says
> there is a TLS handshake Fail.
Before you do anything else: Do another "yum update" to get the
base-email that again contains a GUI for your platform. Then restart cced:
/sbin/service cced.init restart
If it then still doesn't work, then it we can assume that dnsexit.com is
not supporting any half way modern or secure TLS ciphers for secure
email on their mailserver. Your server tries to send email to them. Both
servers talk to each others and try to negotiate protocols and ciphers.
Your server (after the base-email update) says:
- I don't support crappy SSLv2 or SSLv3.
- Talk to me using TLSv1.2, TLSv1.1 or TLSv1.0.
- Here is the list of secure cyphers I support.
And at one of these stages the mailserver on dnsexit.com says: "I don't
have that or I can't do that."
Or they have the same issues we had before our base-email update:
They updated their OpenSSL and now their Sendmail and their OpenSSL
disagree about the minimum bits needed for Diffie Hellman exhanges in
ciphers that need DH.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list