So,

QMT will encrypt all SMTP traffic via TLS unless 1) a mail server does not support it, 2) the encryption is incompatible (your case), or 3) you prohibit it for a certain domain (following example). If you want to stop TLS for a particular domain, do the following:

1) # nslookup -type=mx 'domain.tld'

domain.tld     mail exchanger = 0 mx.domain.tld.

2) mkdir /var/qmail/control/notlshosts/

3) touch /var/qmail/control/notlshosts/mx.domain.tld

This will stop all traffic to domain.tld from being encrypted.

Eric
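
The notlshosts steps above as a shell sketch, added here as an example and not part of Eric's message or of QMT. It goes beyond the single-MX case by handling every MX record of the domain, and it refuses MX names that are not plain host names, because the name returned by DNS is used as a file name. The function names and the NOTLS_DIR override are assumptions made for illustration; the default path is the one given in the message.

```shell
#!/bin/sh
# Added example: script the notlshosts steps from the message above.
# The default directory is the path given in the thread; override NOTLS_DIR
# to try the functions somewhere harmless first.
NOTLS_DIR="${NOTLS_DIR:-/var/qmail/control/notlshosts}"

# Extract MX host names from `nslookup -type=mx` output on stdin.
# Output: one lower-case name per line, trailing dot removed, de-duplicated.
mx_hosts() {
    sed -n 's/.*mail exchanger = [0-9][0-9]* *\([^ ]*\) *$/\1/p' |
        sed 's/\.$//' | tr '[:upper:]' '[:lower:]' | LC_ALL=C sort -u
}

# Accept only plain DNS host names. DNS answers are untrusted input and the
# name becomes a file name, so "/", ".." and other odd bytes are refused.
valid_host() {
    case "$1" in
        ''|.*|*..*|-*) return 1 ;;
        *[!a-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Create one empty marker file per MX host read from stdin.
# Prints each file created; returns non-zero if any name was rejected.
add_notls_hosts() {
    rc=0
    mkdir -p "$NOTLS_DIR" || return 1
    while IFS= read -r host; do
        if valid_host "$host"; then
            touch "$NOTLS_DIR/$host" && echo "$NOTLS_DIR/$host"
        else
            echo "skipped suspicious MX name: $host" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage on the mail server (as root), domain.tld being the recipient domain:
#   nslookup -type=mx domain.tld | mx_hosts | add_notls_hosts
# Review which hosts are exempt from TLS later with: ls "$NOTLS_DIR"
```

Every file in that directory is a host that receives mail in clear text, so listing the directory periodically shows which exemptions are still in place.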


On 3/9/2018 9:17 AM, Eric Broch wrote:

I'm not sure it will work. It installs side by side with old rpms openssl and openssl-devel. I'd try creating the notlshosts/<fqdn> first, and let me do some experimenting.


On 3/9/2018 9:14 AM, Rvaught wrote:

Thank you, I will give this a try.

Rick

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 10:50 AM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Mail Failure

In fact, here's a binary

https://centos.pkgs.org/5/epel-x86_64/openssl101e-1.0.1e-11.el5.x86_64.rpm.html

and the how to

 1. Download the latest epel-release rpm from

http://dl.fedoraproject.org/pub/archive/epel/5/x86_64/

 2. Install epel-release rpm:

# rpm -Uvh epel-release*rpm

 3. Install openssl101e rpm package:

# yum install openssl101e

On 3/9/2018 8:47 AM, Eric Broch wrote:

    That's the issue. TLSv1.1 & TLSv1.2 are only supported in openssl-1.*

    You could disable TLS for this email address
    (https://serverfault.com/questions/562234/disable-starttls-on-qmail-for-outgoing-messages).

    Or, you could manually upgrade openssl on CentOS 5
    (https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/).

    Eric

    On 3/9/2018 8:30 AM, Rvaught wrote:

        Version .9.8e-33.el5_11

        *From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
        *Sent:* Friday, March 09, 2018 10:26 AM
        *To:* qmailtoaster-list
        *Subject:* Re: [qmailtoaster] Mail Failure

        What version of openssl is on your host?

        # rpm -qa | grep openssl

        On 3/8/2018 11:22 AM, Rvaught wrote:

            I am getting this failure when trying to send mail to one
            email address.

            The error is TLS connect failed: error 140770FC: SSL
            routing: SSL 3_GET_SERVER_HELLO: unknown protocol. It
            appears your server wants a TLS or SSL connection or
            certificate.

            I am running a qmail toaster on Centos 5.11.

            How can I tell what version of TLS I am using? The support
            person on the other end says they do not accept a version
            lower than TLS 1.1 or 1.2.

            Thanks,

            Rick




--
        Eric Broch

        White Horse Technical Consulting (WHTC)


