Re: [exim] SSL encryption rejected
OK, thanks Viktor

Best regards,
Jorge

----- Original Message -----
From: "Viktor Dukhovni via Exim-users"
Cc: "Viktor Dukhovni"
Sent: Monday, September 16, 2019 10:19 PM
Subject: Re: [exim] SSL encryption rejected

On Mon, Sep 16, 2019 at 05:05:47PM -0300, Jorge Listas via Exim-users wrote:

> days ago my hosting provider has updated exim without notifying me, from
> version 4.87_1 to 4.89
>
> It is installed on a server under CentOS release 5.11 and with openSSL
> 0.98e

OpenSSL 0.9.8 has been unsupported for more than 5 years now. It has
substantial security issues, and must be used. Since that time

  * OpenSSL 1.0.0 was published and reached EOL
  * OpenSSL 1.0.1 was published and reached EOL
  * OpenSSL 1.0.2 was published and is expected to reach EOL (5 years since
    initial release) in December of this year.
  * OpenSSL 1.1.1 was published in Sep 2018, and is the latest stable
    version.

DO NOT deploy production systems with OpenSSL 0.9.8, nor likely Exim
4.89 for that matter, and perhaps also CentOS 5.x, superseded by
CentOS 6 and CentOS 7.

--
Viktor.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] SSL encryption rejected
On Monday, 16 September 2019 22:05:47 CEST Jorge Listas via Exim-users wrote:

> days ago my hosting provider has updated exim without notifying me, from
> version 4.87_1 to 4.89
>
> It is installed on a server under CentOS release 5.11 and with openSSL 0.98e
>
> From that moment I have problems sending and receiving emails with SSL
> encryption, so my provider suggested adding
>
> hosts_avoid_tls = *
>
> in the remote_smtp: block of transports
>
> Despite this modification in the config file, a large number of emails sent
> to my server are rejected with cause:
>
> STARTTLS command rejected
>
> Has this happened to anyone?
>
> Can someone guide me on how to fix it?

I suspect that servers trying to deliver messages to your server insist on
delivering them using TLS, which you have now disabled. Perhaps the only host
to be exempted from delivering via TLS should be the one of your hosting
provider. But then, I'd rather have all servers using TLS rather than sending
them unencrypted anyway.
Re: [exim] SSL encryption rejected
On 17.09.19 at 03:19, Viktor Dukhovni via Exim-users wrote:

> OpenSSL 0.9.8 has been unsupported for more than 5 years now. It
> has substantial security issues, and must be used. Since that time

*not* be used...

best regards,
Marius
Re: [exim] SSL encryption rejected
On Mon, Sep 16, 2019 at 05:05:47PM -0300, Jorge Listas via Exim-users wrote:

> days ago my hosting provider has updated exim without notifying me, from
> version 4.87_1 to 4.89
>
> It is installed on a server under CentOS release 5.11 and with openSSL 0.98e

OpenSSL 0.9.8 has been unsupported for more than 5 years now. It has
substantial security issues, and must be used. Since that time

  * OpenSSL 1.0.0 was published and reached EOL
  * OpenSSL 1.0.1 was published and reached EOL
  * OpenSSL 1.0.2 was published and is expected to reach EOL (5 years since
    initial release) in December of this year.
  * OpenSSL 1.1.1 was published in Sep 2018, and is the latest stable
    version.

DO NOT deploy production systems with OpenSSL 0.9.8, nor likely Exim
4.89 for that matter, and perhaps also CentOS 5.x, superseded by
CentOS 6 and CentOS 7.

--
Viktor.
Re: [exim] SSL encryption rejected
Jorge Listas via Exim-users (Mon 16 Sep 2019 22:05:47 CEST):

> days ago my hosting provider has updated exim without notifying me, from
> version 4.87_1 to 4.89
>
> It is installed on a server under CentOS release 5.11 and with openSSL 0.98e
>
> From that moment I have problems sending and receiving emails with SSL
> encryption, so my provider suggested adding
>
> hosts_avoid_tls = *

I would not recommend this, and I believe Exim should fall back to non-TLS
anyway if setting up the encrypted connection does not work. Are there other
TLS-related settings in your config? I'm not sure how recent OpenSSL 0.98e is.

> Despite this modification in the config file, a large number of emails sent
> to my server are rejected with cause:
>
> STARTTLS command rejected

I do not see why Exim should reject STARTTLS. Maybe it would do so if the
tls_advertise_hosts main config option is empty or doesn't match the current
connection.

Do you have more output from the logs?

Best regards from Dresden/Germany
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3}
gnupg encrypted messages are welcome --- key ID: F69376CE
! key id 7CBF764A and 972EAC9F are revoked since 2015-01
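Added example, not code from any poster in this thread: a small Python audit that separates the two settings discussed above, the smtp transport option hosts_avoid_tls (outgoing deliveries only) and the main option tls_advertise_hosts (whether incoming clients are offered STARTTLS). The config text and certificate path are constructed, and the parser assumes one option per line (no continuations, macros or includes).

```python
import re

# Constructed sample, not the poster's real file: the provider's suggested
# transport setting plus an emptied main option.
SAMPLE_CONFIG = """\
# main section
tls_advertise_hosts =
tls_certificate = /etc/exim/exim.crt

begin transports

remote_smtp:
  driver = smtp
  hosts_avoid_tls = *
"""

def parse_exim_config(text):
    """Return (main_options, {transport_name: options}) from config text."""
    main, transports = {}, {}
    section, current = "main", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"begin\s+(\w+)$", line)
        if m:                                   # "begin transports" etc.
            section, current = m.group(1), None
            continue
        if section == "transports" and re.match(r"\w+:$", line):
            current = transports.setdefault(line[:-1], {})
            continue
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "main":
                main[key] = value
            elif current is not None:
                current[key] = value
    return main, transports

def audit_tls(text):
    """List TLS findings, labelled by the traffic direction they affect."""
    main, transports = parse_exim_config(text)
    findings = []
    # Set but empty: STARTTLS is not advertised to any connecting client.
    if main.get("tls_advertise_hosts") == "":
        findings.append("inbound: tls_advertise_hosts is empty, STARTTLS not offered")
    # A transport option only changes what this server does when it sends.
    for name, opts in transports.items():
        if opts.get("hosts_avoid_tls") == "*":
            findings.append(f"outbound: transport {name} never attempts TLS")
    return findings
```

On the constructed sample this reports one inbound and one outbound finding, which shows why a change in the remote_smtp transport cannot by itself alter how the server answers STARTTLS from other hosts.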
[exim] SSL encryption rejected
days ago my hosting provider has updated exim without notifying me, from
version 4.87_1 to 4.89

It is installed on a server under CentOS release 5.11 and with openSSL 0.98e

From that moment I have problems sending and receiving emails with SSL
encryption, so my provider suggested adding

hosts_avoid_tls = *

in the remote_smtp: block of transports

Despite this modification in the config file, a large number of emails sent
to my server are rejected with cause:

STARTTLS command rejected

Has this happened to anyone?

Can someone guide me on how to fix it?

Thanks in advance.

Jorge Colaccini