403 4.7.0 TLS handshake failed

[ErwanG]

Hello,

Some emails are not delivery to Qmail server (Plesk 12). Error message:

Deferred: 403 4.7.0 TLS handshake failed.

What's the problem? I have found nothing about that...

Thank you.

Erwan

 

[IgorG]

Make sure that you have file /var/qmail/control/tlsserverciphers with following content:

ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:+HIGH:+MEDIUM

 

[ErwanG]

Igor,

I have exactly the same content...

 

[ErwanG]

There is no problem with most of the users but for some:
- error message with: 403 4.7.0 TLS handshake failed
- no error message but the noting in the recepient account...

In the log there isn't no trace.

I don't understand. It seems to be a problem since Poodle & Beast update for this server.

 

[ErwanG]

Another thing (related?) : with Horde, we can not send message.

Error: Could not open secure TLS connection to the server

 

[IgorG]

Do you have 12.0 or 12.5 Plesk version?

 

[ErwanG]

12.0

 

[IgorG]

Have you checked this KB article?

http://kb.odin.com/en/125481

 

[ErwanG]

Yes. I've not this problem.

I've found that : http://serverfault.com/questions/667692/reason-403-4-7-0-tls-handshake-failed
But i don't know how i can fix.

 

[ErwanG]

Igor,

From another server to the server:

#openssl s_client -starttls smtp -connect pop3.xxx.com:25

I have:
....
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
...
Is Cipher correct?

 

[IgorG]

On my test 12.0 Plesk server with default installation I see:

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384

 

[ErwanG]

How i can change it?

 

[ErwanG]

Igor,

If i change mail server (Qmail) to Postfix, is the ssl config is reset or no?
Or how i can reset ssl config?

 

[IgorG]

If i change mail server (Qmail) to Postfix

Yes, I think it is good idea which may help.

 

[ErwanG]

We have had the problem with 3 servers. We have tested the migration on one of them yesterday night.
It seems that the problem disapear.