[BlueOnyx:13526] Re: TLS message: tlsv1 alert insufficient security:s3_pkt.c:1092:SSL alert number 71

Dirk Estenfeld dirk.estenfeld at bpanet.de
Tue Aug 13 08:45:33 -05 2013 

Hello,

never ending story....
Still problems whith sendmail/TLS hat 5106R

If I use a certificate file which includes certificate and key 

define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/ sendmail.pem ')

apple mail clients can send their emails with ssl enabled. But with gmx and web.de I get the error errormessage:

Aug 13 15:38:07 server sendmail[16630]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1
Aug 13 15:38:07 server sendmail[16630]: STARTTLS=server: 16630:error:1409442F:SSL routines:SSL3_READ_BYTES:tlsv1 alert insufficient security:s3_pkt.c:1092:SSL alert number 71
Aug 13 15:38:07 server sendmail[16630]: r7DDc6Mm016630: mout.web.de [212.227.17.11] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

If I separate certificate and key into two files 

define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmailkey.pem')

Server will receive emails from web.de and gmx but apple mail clients can not send and I see in /var/log/maillog 

Aug 13 15:35:06 server sendmail[16393]: STARTTLS=server, relay=tmo-096-42.customers.d1-online.com [1.2.3.4], version=TLSv1/SSLv3, verify=NO, cipher=AES128-SHA, bits=128/128
Aug 13 15:35:07 server sendmail[16393]: r7DDYwvh016393: tmo-096-42.customers.d1-online.com [1.2.3.4] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

I also tried 

define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmailkey.pem')
define(`confCLIENT_CERT',`/usr/share/ssl/certs/sendmailclient.pem')
define(`confCLIENT_KEY',`/usr/share/ssl/certs/sendmailclient.pem')

and hoped that I found the solution to separate servers and clients. But in this case web.de and gmx mails can not be received.

What can I do to get mails from web.de and gmx and have apple mail clients to send their emails.
What seperates the 5106R (where I have the issues) from the 5108R (where I do not have the issues)?

Best regards,
Dirk

-----------------------------------------------
Black Point Arts Internet Solutions GmbH - Hanauer Landstrasse 423a - 60314 Frankfurt

More information about the Blueonyx mailing list