Difference between revisions of "TLS Problems"

From Roaring Penguin
Jump to: navigation, search
Line 10: Line 10:
 
After you add the above lines, type:
 
After you add the above lines, type:
 
:<tt>make -C /etc/mail && /etc/init.d/sendmail reload</tt>
 
:<tt>make -C /etc/mail && /etc/init.d/sendmail reload</tt>
<li>If that doesn't help, you have to disable TLS with the machine gwmail.bradescoseguros.com.br.  Put this lines in /etc/mail/access:
+
<li>If that doesn't help, you have to disable TLS with the machine.  Put this lines in /etc/mail/access:
:<tt>Try_TLS:gwmail.bradescoseguros.com.br   NO</tt>
+
:<tt>Try_TLS:example.com   NO</tt>
 
And again:  
 
And again:  
 
:<tt>make -C /etc/mail</tt>
 
:<tt>make -C /etc/mail</tt>

Revision as of 12:14, 29 April 2015

We've found that Debian 7's version of OpenSSL has problems interoperating with some other SSL implementations. Here are some things you can try:

  1. Add this to the end of /etc/mail/sendmail.mc:
    LOCAL_CONFIG
    dnl # Do not allow SSLv2 and weak ciphers
    O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2
    O ClientSSLOptions=+SSL_OP_NO_TLSv1
    After you add the above lines, type:
    make -C /etc/mail && /etc/init.d/sendmail reload
  2. If that doesn't help, you have to disable TLS with the machine. Put this lines in /etc/mail/access:
    Try_TLS:example.com NO
    And again:
    make -C /etc/mail
  3. If that still does not work, you may have to disable STARTTLS for now by removing
    include(`/etc/mail/tls/starttls.m4')dnl from sendmail.mc
    And running:
    make -C /etc/mail && /etc/init.d/sendmail reload