Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)
On Sat, Nov 10, 2018 at 11:34:41PM +0100, BERTRAND Joël wrote: > > I have changed _both_ values and I cannot connect to orange.fr or > hotmail.com with sendmail. If I use stable package, sendmail runs as > expected. hotmail.com works with the default settings, it actually supports TLS 1.2 and things like that. I have no idea why it doesn't work for you, or why it doesn't work with sendmail, but this does not look like an openssl issue, so I've reassign it to the sendmail package. Kurt
Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)
Kurt Roeckx a écrit : > On Sat, Nov 10, 2018 at 08:17:19PM +0100, BERTRAND Joël wrote: >> Kurt Roeckx a écrit : >>> On Thu, Nov 08, 2018 at 06:36:52PM +0100, Kurt Roeckx wrote: On Thu, Nov 08, 2018 at 06:10:29PM +0100, BERTRAND Joël wrote: > Kurt Roeckx a écrit : >> On Wed, Nov 07, 2018 at 11:21:44AM +0100, BERTRAND Joël wrote: >>> Nov 7 09:17:31 rayleigh sm-mta[10148]: ruleset=try_tls, >>> arg1=smtp-in.orange.fr, relay=smtp-in.orange.fr, reject=550 5.7.1 >>> ... do not try TLS with smtp-in.orange.fr [80.12.242.9] >>> Nov 7 09:17:31 rayleigh sm-mta[10148]: wA68PQwK006059: >>> to=, delay=23:52:05, xdelay=00:00:01, mailer=esmtp, >>> pri=77460547, relay=smtp-in.orange.fr. [80.12.242.9], dsn=5.0.0, >>> stat=Service unavailable >> >> That server only seems to support TLS 1.0. >> >> Have you read: /usr/share/doc/libssl1.1/NEWS.Debian.gz >> >> Anyway, I suggest you file a bug against sendmail to override the >> defaults. > > I have read /usr/share/doc/libssl1.1/NEWS.Debian.gz and tested all > workarounds without any success. And you restarted sendmail after changing /etc/ssl/openssl.cfg? >>> >>> Any update on this? >> >> Of course, I have updated /etc/ssl/openssl.cfg with suggestions in NEWS >> file and restarted sendmail without success. > > All I can say is that if I change both values to the value from > NEWS, I can connect to it, otherwise I can't. I have changed _both_ values and I cannot connect to orange.fr or hotmail.com with sendmail. If I use stable package, sendmail runs as expected.
Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)
On Sat, Nov 10, 2018 at 08:17:19PM +0100, BERTRAND Joël wrote: > Kurt Roeckx a écrit : > > On Thu, Nov 08, 2018 at 06:36:52PM +0100, Kurt Roeckx wrote: > >> On Thu, Nov 08, 2018 at 06:10:29PM +0100, BERTRAND Joël wrote: > >>> Kurt Roeckx a écrit : > On Wed, Nov 07, 2018 at 11:21:44AM +0100, BERTRAND Joël wrote: > > Nov 7 09:17:31 rayleigh sm-mta[10148]: ruleset=try_tls, > > arg1=smtp-in.orange.fr, relay=smtp-in.orange.fr, reject=550 5.7.1 > > ... do not try TLS with smtp-in.orange.fr [80.12.242.9] > > Nov 7 09:17:31 rayleigh sm-mta[10148]: wA68PQwK006059: > > to=, delay=23:52:05, xdelay=00:00:01, mailer=esmtp, > > pri=77460547, relay=smtp-in.orange.fr. [80.12.242.9], dsn=5.0.0, > > stat=Service unavailable > > That server only seems to support TLS 1.0. > > Have you read: /usr/share/doc/libssl1.1/NEWS.Debian.gz > > Anyway, I suggest you file a bug against sendmail to override the > defaults. > >>> > >>> I have read /usr/share/doc/libssl1.1/NEWS.Debian.gz and tested all > >>> workarounds without any success. > >> > >> And you restarted sendmail after changing /etc/ssl/openssl.cfg? > > > > Any update on this? > > Of course, I have updated /etc/ssl/openssl.cfg with suggestions in NEWS > file and restarted sendmail without success. All I can say is that if I change both values to the value from NEWS, I can connect to it, otherwise I can't. Kurt
Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)
Kurt Roeckx a écrit : > On Thu, Nov 08, 2018 at 06:36:52PM +0100, Kurt Roeckx wrote: >> On Thu, Nov 08, 2018 at 06:10:29PM +0100, BERTRAND Joël wrote: >>> Kurt Roeckx a écrit : On Wed, Nov 07, 2018 at 11:21:44AM +0100, BERTRAND Joël wrote: > Nov 7 09:17:31 rayleigh sm-mta[10148]: ruleset=try_tls, > arg1=smtp-in.orange.fr, relay=smtp-in.orange.fr, reject=550 5.7.1 > ... do not try TLS with smtp-in.orange.fr [80.12.242.9] > Nov 7 09:17:31 rayleigh sm-mta[10148]: wA68PQwK006059: > to=, delay=23:52:05, xdelay=00:00:01, mailer=esmtp, > pri=77460547, relay=smtp-in.orange.fr. [80.12.242.9], dsn=5.0.0, > stat=Service unavailable That server only seems to support TLS 1.0. Have you read: /usr/share/doc/libssl1.1/NEWS.Debian.gz Anyway, I suggest you file a bug against sendmail to override the defaults. >>> >>> I have read /usr/share/doc/libssl1.1/NEWS.Debian.gz and tested all >>> workarounds without any success. >> >> And you restarted sendmail after changing /etc/ssl/openssl.cfg? > > Any update on this? Of course, I have updated /etc/ssl/openssl.cfg with suggestions in NEWS file and restarted sendmail without success. JKB
Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)
On Thu, Nov 08, 2018 at 06:36:52PM +0100, Kurt Roeckx wrote: > On Thu, Nov 08, 2018 at 06:10:29PM +0100, BERTRAND Joël wrote: > > Kurt Roeckx a écrit : > > > On Wed, Nov 07, 2018 at 11:21:44AM +0100, BERTRAND Joël wrote: > > >> Nov 7 09:17:31 rayleigh sm-mta[10148]: ruleset=try_tls, > > >> arg1=smtp-in.orange.fr, relay=smtp-in.orange.fr, reject=550 5.7.1 > > >> ... do not try TLS with smtp-in.orange.fr [80.12.242.9] > > >> Nov 7 09:17:31 rayleigh sm-mta[10148]: wA68PQwK006059: > > >> to=, delay=23:52:05, xdelay=00:00:01, mailer=esmtp, > > >> pri=77460547, relay=smtp-in.orange.fr. [80.12.242.9], dsn=5.0.0, > > >> stat=Service unavailable > > > > > > That server only seems to support TLS 1.0. > > > > > > Have you read: /usr/share/doc/libssl1.1/NEWS.Debian.gz > > > > > > Anyway, I suggest you file a bug against sendmail to override the > > > defaults. > > > > I have read /usr/share/doc/libssl1.1/NEWS.Debian.gz and tested all > > workarounds without any success. > > And you restarted sendmail after changing /etc/ssl/openssl.cfg? Any update on this? Kurt