Interestingly, in theory which has an old version of openssl you are having problems with the size of the certificate ... or we who have to date? You know how is the procedure for updating the keys Difie Helmann or updated to perform the upgrade of openssl?
Paul 2015-07-30 3:13 GMT-03:00 Sebastian Grewe <sebast...@grewe.ca>: > Great guide! I was also not a fan of downgrading OpenSSL especially with > the last upgrades required. > > It seems this is a remote issue then where mail servers have Diffie > Helmann keys in a smaller size than required by newer OpenSSL versions. It > may be a good idea to notify those domains with a quick mail to postmaster > at least. Upgrading those keys isn't hard and takes seconds. > > Thanks for the workaround! I am sure others will find it useful! > > Sent from my iPhone > > On 30 Jul 2015, at 08:00, Linux <distribucionli...@gmail.com> wrote: > > Thanks guys, I supposed that one option was to return to my old version of > openssl but this contains some security problems, the solution I found was > to share them if they occur: > > > To resolve the issue I made an exception ssl check for these remote hots. > > I leave the steps in case help someone: > > mkdir /var/qmail/control/notlshosts > touch /var/qmail/control/notlshosts/domain.com > > (If you do not know the mx record of the domain you can use: "dig mx > domain.com") > > touch /var/qmail/control/notlshosts/mail.domain.com > > qmailctl restart > > Done! --> @4000000055943b8f3a664b64 delivery 1: success: > IP_accepted_message./Remote_host_said:_250_2.0.0_t61JC5iW004986_Message_accepted_for_delivery/ > > Best regards, > > > Paul > > > > > 2015-07-25 1:31 GMT-03:00 Nicholas Chua <nicholasc...@outlook.com>: > >> Hi, >> >> Try >> >> yum downgrade openssl-devel openssl >> >> You might need to downgrade a second time which will allow this issue to >> solve >> >> Regards >> nic >> >> >> ------------------------------ >> From: distribucionli...@gmail.com >> Date: Tue, 21 Jul 2015 17:58:17 -0300 >> To: qmailtoaster-list@qmailtoaster.com >> Subject: [qmailtoaster] error sending : SSL3_CHECK_CERT_AND_ALGORITHM:dh >> key too small >> >> >> Hello friends, I have QmailToaster + centos 5.9 and sending emails I've >> been getting some failure notice: >> >> >> -------------------------------------------------------------- >> >> mailer-dae...@dominio.com" >> <mailer-dae...@dominio.com> escribió: >> >> Hi. This is the qmail-send program at dominio.com >> >> I'm afraid I wasn't able to deliver your message to the following >> >> addresses. >> >> This is a permanent error; I've given up. Sorry it didn't work out. >> >> >> <jos...@otherdomain.com>: >> >> TLS connect failed: error:14082174:SSL >> >> routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small; connected to >> 191.8.4.132. >> >> I'm not going to try again; this message has been in the queue too long. >> >> ------------------------------- >> >> >> anyone knows of that is? >> >> Best regards, >> >> Paul >> >> >> >
