Difference between revisions of "TLS Problems"
From Roaring Penguin
Line 10: | Line 10: | ||
After you add the above lines, type: | After you add the above lines, type: | ||
:<tt>make -C /etc/mail && /etc/init.d/sendmail reload</tt> | :<tt>make -C /etc/mail && /etc/init.d/sendmail reload</tt> | ||
− | <li>If that doesn't help, you have to disable TLS with the machine | + | <li>If that doesn't help, you have to disable TLS with the machine. Put this lines in /etc/mail/access: |
− | :<tt>Try_TLS: | + | :<tt>Try_TLS:example.com NO</tt> |
And again: | And again: | ||
:<tt>make -C /etc/mail</tt> | :<tt>make -C /etc/mail</tt> |
Revision as of 11:14, 29 April 2015
We've found that Debian 7's version of OpenSSL has problems interoperating with some other SSL implementations. Here are some things you can try:
- Add this to the end of /etc/mail/sendmail.mc:
- LOCAL_CONFIG
- dnl # Do not allow SSLv2 and weak ciphers
- O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2
- O ClientSSLOptions=+SSL_OP_NO_TLSv1
- make -C /etc/mail && /etc/init.d/sendmail reload
- If that doesn't help, you have to disable TLS with the machine. Put this lines in /etc/mail/access:
- Try_TLS:example.com NO
- make -C /etc/mail
- If that still does not work, you may have to disable STARTTLS for now by removing
- include(`/etc/mail/tls/starttls.m4')dnl from sendmail.mc
- make -C /etc/mail && /etc/init.d/sendmail reload