[BlueOnyx:24027] Re: TLS handshake failing in Sendmail

Ernie ernie at info.eis.net.au
Fri Jun 19 08:29:15 -05 2020


Hi Michael,
I tried that, now I get the following errors with outlook.com

Jun 19 16:36:49 bx3 sendmail[25225]: STARTTLS=server, relay=mail-eopbgr1310103.outbound.protection.outlook.com [40.107.131.103], version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 19 16:36:51 bx3 sendmail[25225]: STARTTLS: write error=syscall error (-1), errno=104, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5

It seems to be right after an email arrives from outlook.com/hotmail.com

Anyone else want to check their maillog for a similar error?

- Ernie.


> Hi Ernie,
> 
> > I am having problems with emails for certain domains getting stuck in the
> > mailq with 5210R. Not had this error in other BX versions.
> > 
> > The server is using a Letsencrypt certificate, and the visite has it's own
> > Letsencrypt certificate. There is only one visite on the server. Most users
> > are sending via smtp AUTH.
> > 
> > The error says:
> >  Deferred: 403 4.7.0 TLS handshake failed
> > 
> > I can get around it by adding a TLS exemption in /etc/mail/access for the
> > domain eg.
> > 
> >   Try_TLS:qld.gov.au NO
> > 
> > But I can't be sitting there all day looking out for handshake failing
> > domains to bypass. I would like to diagnose the problem, but don't know
> > where to start. Any suggestions?
> During the TLS-handshake MTA and sender (or recipient) are negotiating
> to find out what's the best TLS protocol and cipher both support.
> 
> If that negotiation fails, then that means that they were unable to
> establish a common ground.
> 
> On 5210R for Sendmail you might want to try to run this as "root":
> 
> update-crypto-policies --set LEGACY
> 
> Then restart Sendmail and see if that works better for you.
> 
> -- 
> With best regards
> 
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx


More information about the Blueonyx mailing list