Re: [qmailtoaster] dh_key_too_small

Wed, 10 Jul 2024 06:50:59 -0700 

Chris,
As of qmail-1.03-3.3.10 the dh and rsa key requirements have been removed from qmail-smtpd and qmail-remote per openssl policies. 


Is this happening when receiving or sending mail or both? If when 
receiving mail do you have spamdyke in place?


Eric

On 7/9/2024 3:15 PM, Chris Knight wrote:



On Jul 10, 2024, at 1:34 AM, Eric Broch <ebr...@whitehorsetc.com> wrote:

What system are you on? OS, qmt, etc...


System:
NAME="Rocky Linux"
VERSION="9.4 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.4"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.4 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/";
BUG_REPORT_URL="https://bugs.rockylinux.org/";
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.4"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION=“9.4"


qmt:  qmt-release-1-8.qt.el9





On 7/8/2024 11:43 PM, Chris wrote:

Back in 2020 there was a thread about mail delivery deferrals with the message 
"dh key too small'.  Well, I've got them on the toaster I just put into 
production.

TLS_connect_failed:_error:0A00018A:SSL_routines::dh_key_too_small

The advise at the time was to check the crypto policy (update-crypto-policies 
--show) and to set to LEGACY if that's not the case.

# update-crypto-policies --show
LEGACY

# update-crypto-policies --is-applied
The configured policy is applied

# update-crypto-policies --check
The configured policy matches the generated policy

These tests indicate I am using legacy settings, but I am still getting these 
delivery issues.

Any suggestions?


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com























					Reply via email to