I get an error that is new to me when I try to send mail to one address:
Dec 22 04:58:29 sten sm-mta: STARTTLS=client, relay=allentech.net., version=TLSv1/SSLv3, verify=FAIL, cipher=CAMELLIA256-SHA, bits=256/256
Dec 22 04:58:29 sten sm-mta: STARTTLS: read error=generic SSL error (-1), errno=0, get_error=error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac, retry=1, ssl_err=1
Dec 22 04:58:29 sten sm-mta: rBH9OxpV022923: to=<siri@domain>, ctladdr=<john@domain> (1003/100), delay=4+17:33:28, xdelay=00:00:03, mailer=esmtp, pri=24701685, relay=allentech.net. [184.108.40.206], dsn=4.0.0, stat=Deferred: Input/output error
I tried to resend that mail after it came back after five days, and got the same.
Can anyone tell me in what direction I should look, and so on?
With other recipients I do not have similar problems; all works.
On the other hand, I am not sure that I have SSL3 links to my other email respondents.
My mail server is Slackware64 14.0 with the default sendmail....
Thanks for any advice.
I think the problem is related to SSL; I don't know if it is caused by TX errors or an error in encryption/decryption. What version of SSL are you using?
I did some research in the log files and found that earlier, when mail was going out OK, there was also a STARTTLS error, but not the second error:
10:24:18 sten sm-mta: STARTTLS=client, relay=allentech.net., version=TLSv1/SSLv3, verify=FAIL, cipher=CAMELLIA256-SHA, bits=256/256
10:24:36 sten sm-mta: rB38OFgO022473: to=<siri@allen>, ctladdr=<john@domain> (1003/100), delay=00:00:21, xdelay=00:00:20, mailer=esmtp, pri=7121323, relay=allentech.net. [220.127.116.11], dsn=2.0.0, stat=Sent (OK id=1VnlHO-0003f5-GW)
I restarted sendmail ( ./rc.sendmail restart ), but no changes in that direction...
Took a quick look at the sendmail source (I have 8.14.7 installed); the error is in file ./sendmail/sfsasl.c, function tls_read (line 717). The function SSL_read fails and returns a value of 0; according to 'man SSL_read' this means it was an improper shutdown.
According to 'man SSL_get_error', SSL_ERROR_SSL is a protocol error. Try to upgrade to SSL-1.0.1e and see if it happens again.
But I have not changed or touched my mail server configuration for several months, and that problem came up about two or so weeks ago. Very strange. Now I have updated openssl and openssl solibs to 1.0.1e and will see what happens.
PS: upgraded, restarted sendmail, and got:
Dec 29 13:13:44 sten sm-mta: starting daemon (8.14.5): SMTP+queueing@00:25:00
Dec 29 13:13:44 sten sm-msp-queue: starting daemon (8.14.5): queueing@00:25:00
Dec 29 13:13:47 sten sm-mta: STARTTLS=client, relay=allentech.net., version=TLSv1/SSLv3, verify=FAIL, cipher=CAMELLIA256-SHA, bits=256/256
Dec 29 13:13:53 sten sm-mta: rBQF73KP004757: to=<siri@allent>, ctladdr=<john@domain> (1003/100), delay=2+20:06:50, xdelay=00:00:09, mailer=esmtp, pri=15083832, relay=allentech.net. [18.104.22.168], dsn=2.0.0, stat=Sent (OK id=1VxEJa-0003xb-Qu)
EG look, now it works!
Thank you very much!
But it is interesting: what is the reason? On my side there have not been any changes for a long time, and everything worked until it suddenly stopped. Could it be caused by the other side (allentech) upgrading their openssl, starting some incompatibility between the machines?
It seems so; in the last version they changed some protocol behaviour. If upgrading isn't a solution, or you can't do that, you have to force one protocol in place of another.
OK, thank you again.
The first string, version=TLSv1/SSLv3, verify=FAIL, is, as I understand, because I have no SSL certificates? And if I have self-made certificates, not signed by an authority, I also will not have properly working SSL on mail, as it is with HTTP / Apache (HTTPS)?
It's not a big deal, I simply want to understand a bit more about that topic...
The server doesn't know the CA of the certificate your sendmail is using; for a home sendmail that's quite normal. Simply, the server doesn't trust you by certificate, but you can have other credentials, like user/pass login.
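Added example (not part of the thread, and not sendmail's own tooling): a small Python log triage that separates the two signals discussed above, the verify=FAIL handshake line that also appears on successful deliveries, and the STARTTLS read error that goes with the deferred mail. The sample lines are constructed in the format quoted in the thread with placeholder hosts and queue IDs, and attributing a read error to the most recent handshake line is an assumption (with a process ID in the syslog line, that would be the better key).

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread; hosts, IPs and queue IDs are placeholders.
SAMPLE_LOG = """\
Dec 22 04:58:29 mail sm-mta: STARTTLS=client, relay=mx.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=CAMELLIA256-SHA, bits=256/256
Dec 22 04:58:29 mail sm-mta: STARTTLS: read error=generic SSL error (-1), errno=0, get_error=error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac, retry=1, ssl_err=1
Dec 22 04:58:29 mail sm-mta: qid0000000001: to=<a@example.net>, mailer=esmtp, relay=mx.example.net. [192.0.2.10], dsn=4.0.0, stat=Deferred: Input/output error
Dec 22 05:10:02 mail sm-mta: STARTTLS=client, relay=mx.example.org., version=TLSv1/SSLv3, verify=FAIL, cipher=CAMELLIA256-SHA, bits=256/256
Dec 22 05:10:05 mail sm-mta: qid0000000002: to=<b@example.org>, mailer=esmtp, relay=mx.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (OK)
"""

HANDSHAKE = re.compile(r"STARTTLS=client, relay=(?P<relay>[^,]+), version=(?P<version>[^,]+), "
                       r"verify=(?P<verify>[^,]+), cipher=(?P<cipher>[^,]+)")
READ_ERROR = re.compile(r"STARTTLS: read error=.*get_error=(?P<err>error:[0-9A-Fa-f]+:[^,]+)")
DELIVERY = re.compile(r"relay=(?P<relay>\S+) \[[^\]]+\], dsn=(?P<dsn>[\d.]+), stat=(?P<stat>.+)$")

def summarize(log_text):
    """Group handshake results, TLS read errors and delivery DSN codes by relay."""
    relays = defaultdict(lambda: {"verify": set(), "cipher": set(), "tls_errors": [], "dsn": []})
    last_relay = None  # assumption: a read error belongs to the most recent handshake line
    for line in log_text.splitlines():
        if m := HANDSHAKE.search(line):
            last_relay = m["relay"].rstrip(".")
            relays[last_relay]["verify"].add(m["verify"])
            relays[last_relay]["cipher"].add(m["cipher"])
        elif (m := READ_ERROR.search(line)) and last_relay:
            relays[last_relay]["tls_errors"].append(m["err"])
        elif m := DELIVERY.search(line):
            relays[m["relay"].rstrip(".")]["dsn"].append(m["dsn"])
    return dict(relays)

def tls_suspects(summary):
    """Relays with a TLS read error and a temporary (4.x.x) failure; verify=FAIL alone is ignored."""
    return sorted(r for r, s in summary.items()
                  if s["tls_errors"] and any(d.startswith("4.") for d in s["dsn"]))

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for relay in tls_suspects(summary):
        print(relay, summary[relay]["tls_errors"], summary[relay]["dsn"])
```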