[BlueOnyx:24027] Re: TLS handshake failing in Sendmail
ernie at info.eis.net.au
Fri Jun 19 08:29:15 -05 2020
I tried that, now I get the following errors with outlook.com:
Jun 19 16:36:49 bx3 sendmail: STARTTLS=server, relay=mail-eopbgr1310103.outbound.protection.outlook.com [126.96.36.199], version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 19 16:36:51 bx3 sendmail: STARTTLS: write error=syscall error (-1), errno=104, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
It seems to be right after an email arrives from outlook.com/hotmail.com.
Anyone else want to check their maillog for a similar error?
> Hi Ernie,
> > I am having problems with emails for certain domains getting stuck in the
> > mailq with 5210R. Not had this error in other BX versions.
> > The server is using a Letsencrypt certificate, and the vsite has its own
> > Letsencrypt certificate. There is only one vsite on the server. Most users
> > are sending via smtp AUTH.
> > The error says:
> > Deferred: 403 4.7.0 TLS handshake failed
> > I can get around it by adding a TLS exemption in /etc/mail/access for the
> > domain, e.g.
> > Try_TLS:qld.gov.au NO
> > But I can't be sitting there all day looking out for handshake failing
> > domains to bypass. I would like to diagnose the problem, but don't know
> > where to start. Any suggestions?
> During the TLS-handshake MTA and sender (or recipient) are negotiating
> to find out what's the best TLS protocol and cipher both support.
> If that negotiation fails, then that means that they were unable to
> establish a common ground.
> On 5210R for Sendmail you might want to try to run this as "root":
> update-crypto-policies --set LEGACY
> Then restart Sendmail and see if that works better for you.
> With best regards
> Michael Stauber
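Added example, not part of the original thread: one way to find the affected domains without watching the queue by hand is to tally the two log patterns quoted above from the maillog. The sample lines, host names and the function name summarize() are constructed for illustration, and pairing a write error with the last STARTTLS=server line of the same sendmail process is an assumption about how the lines relate.

```python
import re
from collections import Counter

# Constructed sample lines in sendmail maillog style (hosts and addresses are made up).
SAMPLE_LOG = """\
Jun 19 16:30:01 bx3 sendmail[2101]: 05J6U1aa002101: to=<a@qld.gov.au>, delay=00:00:02, mailer=esmtp, relay=mx1.qld.gov.au. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
Jun 19 16:31:07 bx3 sendmail[2140]: 05J6V7bb002140: to=<b@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Jun 19 16:33:12 bx3 sendmail[2188]: 05J6XCcc002188: to=<c@qld.gov.au>, delay=00:00:02, mailer=esmtp, relay=mx1.qld.gov.au. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
Jun 19 16:36:49 bx3 sendmail[2210]: STARTTLS=server, relay=mail.example.net [192.0.2.30], version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 19 16:36:51 bx3 sendmail[2210]: STARTTLS: write error=syscall error (-1), errno=104, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
"""

PID = re.compile(r"sendmail(?:\[(\d+)\])?: ")  # pid is optional, as in the lines quoted above
DEFERRED = re.compile(
    r"to=<[^>@]*@([^>]+)>.*relay=(\S+?)\.? \["
    r".*stat=Deferred: 403 4\.7\.0 TLS handshake failed")
INBOUND = re.compile(r"STARTTLS=server, relay=(\S+)")
WRITE_ERR = re.compile(r"STARTTLS: write error=.*errno=(\d+)")

def summarize(log_text):
    """Return (outbound, inbound) counters of TLS trouble found in log_text."""
    outbound = Counter()  # (recipient domain, relay) -> deferred deliveries
    inbound = Counter()   # (relay, errno) -> write errors after a server-side handshake
    last_relay = {}       # sendmail pid (None if not logged) -> last inbound TLS relay
    for line in log_text.splitlines():
        m = PID.search(line)
        pid = m.group(1) if m else None
        if (d := DEFERRED.search(line)):
            outbound[(d.group(1).lower(), d.group(2))] += 1
        elif (s := INBOUND.search(line)):
            last_relay[pid] = s.group(1)
        elif (w := WRITE_ERR.search(line)):
            # errno 104 on Linux is ECONNRESET: the peer reset the connection.
            inbound[(last_relay.get(pid, "unknown"), int(w.group(1)))] += 1
    return outbound, inbound

if __name__ == "__main__":
    out, inb = summarize(SAMPLE_LOG)
    for (domain, relay), n in out.most_common():
        print(f"outbound handshake failed: {domain} via {relay} x{n}")
    for (relay, err), n in inb.most_common():
        print(f"inbound write error: {relay} errno={err} x{n}")
```

To run it against a real log, pass the file's text to summarize() instead of SAMPLE_LOG.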