On Fri, Jan 24, 2020 at 01:07:30PM -0500, Bill Cole via mailop wrote:
> On 24 Jan 2020, at 12:09, John Covici via mailop wrote:
[..]
>>> On 23 Jan 2020, at 18:01, John Covici via mailop wrote:
>>>> Hi.  I am using sendmail from my own server and using a virtual
>>>> machine in the cloud as a relay.  That machine all of a sudden several
>>>> days ago keeps getting a message saying
>>>> Jan 23 17:51:33 debian-2 sm-mta[7625]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
[..]

>> Yep, looks good.  But does that help if it's the far end that is the
>> problem?

> Not if that message is your Sendmail/OpenSSL complaining about the far  
> end offering too small a key, but I'm not 100% certain that this is what  
> that log line indicates. The lack of a "relay=" element identifying the  
> far end host suggests that this is an entirely local problem.

As soon as an error happens, no relay= entry appears at all. I think that
relay= part exists only if the TLS connection has been established.
In my log file I have many such lines. Possibly there is a following line
with further information on this, like this here:

Jan 24 21:59:01 tuvok sendmail[8303]: STARTTLS=client, error: connect failed=-1, reason=sslv3 alert illegal parameter, SSL_error=1, errno=0, retry=-1
Jan 24 21:59:01 tuvok sendmail[8303]: ruleset=tls_server, arg1=SOFTWARE, relay=mx.mv.ru, reject=403 4.7.0 TLS handshake failed.

Alas, I didn't have a "dh key too small" in my logs to prove it.

Johann
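
Added example, not part of the original message or of sendmail: a small log correlator that attaches the far-end host to each STARTTLS=client failure by looking for a later ruleset=tls_server line, as described above. Matching the two lines on hostname and PID is an assumption based on the PID 8303 pair shown in the message; the sample input is the three log entries quoted in this thread, unwrapped.

```python
import re

# Sample input: the log entries quoted in this thread, unwrapped.
# The first failure has no follow-up line, so its relay stays unknown.
SAMPLE_LOG = """\
Jan 23 17:51:33 debian-2 sm-mta[7625]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jan 24 21:59:01 tuvok sendmail[8303]: STARTTLS=client, error: connect failed=-1, reason=sslv3 alert illegal parameter, SSL_error=1, errno=0, retry=-1
Jan 24 21:59:01 tuvok sendmail[8303]: ruleset=tls_server, arg1=SOFTWARE, relay=mx.mv.ru, reject=403 4.7.0 TLS handshake failed.
"""

# syslog prefix: timestamp, host, program[pid]: message
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                  r"(?P<prog>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ERROR = re.compile(r"STARTTLS=client, error: connect failed=-?\d+, "
                   r"reason=(?P<reason>[^,]+),")
RELAY = re.compile(r"ruleset=tls_server,.*?\brelay=(?P<relay>[^,\s]+)")

def correlate(log_text):
    """Return one dict per STARTTLS client failure. The relay is filled in
    from a later ruleset=tls_server line with the same host and PID
    (assumed correlation key); it stays None when no such line follows."""
    failures = []
    pending = {}  # (host, pid) -> failure record still missing its relay
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog line we understand
        key = (m["host"], m["pid"])
        err = ERROR.search(m["msg"])
        if err:
            rec = {"time": m["ts"], "host": m["host"], "pid": int(m["pid"]),
                   "reason": err["reason"].strip(), "relay": None}
            failures.append(rec)
            pending[key] = rec
            continue
        rel = RELAY.search(m["msg"])
        if rel and key in pending:
            pending.pop(key)["relay"] = rel["relay"]
    return failures

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f"{f['time']} {f['host']}[{f['pid']}] "
              f"reason={f['reason']!r} relay={f['relay'] or 'unknown'}")
```

Grouping the returned records by reason and relay shows whether one reason such as "dh key too small" is tied to a single far-end host or appears with none at all.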

