[BlueOnyx:23838] Question about sendmail TLS in 5210R

[Dirk Estenfeld]

Hello,



one of our customer is using a 5210R Server also very intensive for his emails.



Well, about 10% of his e-mail server contacts have the problem that the TLS handshake failed. The reason for this is that there are some servers which arrive at the server with a maximum of TLS 1.1 due to the client and this is not supported by the Sendmail on the CentOS8 server.

I don't want a discussion about "TLSv1.1 is insecure" at this point. I know that. Our customer knows that. But the problem is that he is dealing with an older or more eastern client and that's the way it is.



Therefore the question (which I don't need to discuss in principle): Is it possible to let sendmail speak TLSv1.1 under 5210R (CentOS8) or is it not possible?

Simply adding +SSL_OP_ALLOW_TLSv1_1 to the ServerSSLOptions and ClientSSLOptions line is not enough. Then sendmail will fail to start with a "sm-client.service: Job sm-client.service/start failed with result 'dependency'".

If there is the possibility. What do I have to do to make it work?



Best regards,

Dirk




blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20200514/033bd807/attachment.html>