InterNetworX | Michael Rößler writes:

Hello @ll,

I sometimes have problems when somebody sends us email over STARTTLS
(sometimes it works). Below is a snippet from mail.log:

Mar  6 13:38:08 localhost courieresmtpd: started,ip=[::ffff:x.x.x.x]
Mar  6 13:38:09 localhost courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

These are the config-files

#/etc/courier/esmtpd
TLS_PROTOCOL=TLS1
TLS_CIPHER_LIST is unconfigured
PORT=smtp

#/etc/courier/esmtpd-ssl
ESMTPDSSLSTART="NO"
TLS_PROTOCOL=TLS1
TLS_CIPHER_LIST is unconfigured
SSLPORT=465
ESMTPDSSLSTART="NO"

I am not sure if the sender's MTA is the problem or our configuration (maybe
TLS_CIPHER_LIST)? Could it be that some ciphers of TLS1 and SSLv3 are
the same?

The recommended setting for 0.74 is "TLSv1.1+", as TLSv1 and below are currently considered insecure.

You're running an older version; your only option is "SSL23", which accepts all ciphers, including insecure ones. Doesn't really matter, for SMTP, since the default is a fallback to an unsecured connection.

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
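
One way to check whether the STARTTLS failures cluster on particular senders, as an added example (not code from this thread or from Courier): it rejoins mail-wrapped log entries, attributes each failure to the preceding "started" line, and decodes the OpenSSL error code. The sample log, its IP addresses and the function names are constructed for illustration, and attributing a failure to the most recent "started" line is an assumption.

```python
import re
from collections import Counter

# Constructed sample (documentation IP ranges), shaped like the mail.log
# excerpt in the post, including one entry wrapped by a mail client.
SAMPLE = """\
Mar  6 13:38:08 localhost courieresmtpd: started,ip=[::ffff:192.0.2.10]
Mar  6 13:38:09 localhost courieresmtpd: courieresmtpd: STARTTLS failed:
couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number
Mar  6 13:40:01 localhost courieresmtpd: started,ip=[::ffff:198.51.100.7]
Mar  6 13:41:12 localhost courieresmtpd: started,ip=[::ffff:192.0.2.10]
Mar  6 13:41:13 localhost courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
STARTED = re.compile(r"courieresmtpd: started,ip=\[([^\]]+)\]")
FAILED = re.compile(r"STARTTLS failed:.*?error:([0-9A-Fa-f]{8}):")

def unwrap(text):
    """A line without a syslog timestamp continues the previous entry."""
    entries = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line.strip()
    return entries

def decode(code_hex):
    """Split a pre-3.0 OpenSSL packed error code: (library, function, reason)."""
    code = int(code_hex, 16)
    return code >> 24, (code >> 12) & 0xFFF, code & 0xFFF

def triage(text):
    """Count STARTTLS failures per (peer, error code)."""
    # Assumption: a failure belongs to the most recent 'started' line. The log
    # format shown has no PID to join on, so this holds only on a quiet server.
    failures, peer = Counter(), None
    for entry in unwrap(text):
        started = STARTED.search(entry)
        if started:
            peer = started.group(1)
        failed = FAILED.search(entry)
        if failed:
            failures[(peer, failed.group(1).upper())] += 1
    return failures

if __name__ == "__main__":
    print(triage(SAMPLE), decode("1408F10B"))
```
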