
7.5.1, email, TLS_connect_failed

RexAdmin

Guest
First system: Plesk Reloaded 7.5.1 (upgraded from 7.1.6)

Second system: Plesk Reloaded 7.1.6

When sending email from the second to the first server, it can't be delivered; the message in /usr/local/var/psa/maillog is:

Dec 16 15:47:05 u15154894 qmail: 1103240825.596320 delivery 98: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_MASKED_SERVER_IP./

No certs were installed manually or similar.
 
Below is only a snippet from the install log that might be problematic; note unable to write 'random state'.

===> Installing Qmail server
Trying to set maillog file to /usr/local/psa/var/log/maillog... done
Configuring Qmail...
Trying to generate SSL certificates for TLS sessions... Generating RSA private key, 512 bit long modulus
....++++++++++++
........................++++++++++++
unable to write 'random state'
e is 65537 (0x10001)

Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time
...........................................................+.................+..+.............+.........................+................+.+...+..................................+.+.................................................................++*++*++*++*++*++*
unable to write 'random state'

Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
..............................+.........................................+......+.........................................+......+...............................................................................+..........+.........+.....................................................+........................................................................................................................................+...........................................................................................+....................+.......................+...................................................................................+...........................+..+.................................................+....................................................+..+................................................................................................................................................................+...................................................................................................................................+....+......+................................+..................+..+....................................................................+.................................+.........................+....................................................+.....................+...................+.......+......................................+.............+.......................................+.........+.....................+...........................................................+........+................................................................+.........................+.......++*++*++*
unable to write 'random state'
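
Added example (not from the original posts and not Plesk or qmail code): a Python triage helper that pulls TLS_connect_failed deferrals out of a qmail maillog and decodes the 8-digit OpenSSL error code, assuming the lib/func/reason packing used by OpenSSL releases before 3.0. For the code quoted in the post it shows that the failure is a TLS alert sent by the remote server rather than a local OpenSSL error. The second sample line is constructed.

```python
import re

# Assumption: OpenSSL < 3.0 packs an error code as
# lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 0x14
# In the SSL library, reason codes >= 1000 mean "alert received from peer";
# reason - 1000 is the alert description number from the TLS specification.
ALERT_OFFSET = 1000
TLS_ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
              40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca",
              70: "protocol_version", 71: "insufficient_security"}

DEFERRAL = re.compile(
    r"delivery (?P<id>\d+): deferral: TLS_connect_failed:_error:"
    r"(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>[^;]+);")

def decode_openssl_error(code_hex):
    """Split a packed OpenSSL error code into lib, func, reason and peer alert."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = reason - ALERT_OFFSET if lib == ERR_LIB_SSL and reason >= ALERT_OFFSET else None
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert,
            "peer_alert_name": TLS_ALERTS.get(alert)}

def triage(lines):
    """Return one finding per TLS_connect_failed deferral in the log lines."""
    findings = []
    for line in lines:
        m = DEFERRAL.search(line)
        if not m:
            continue  # not a TLS deferral (success, bounce, other errors)
        info = decode_openssl_error(m.group("code"))
        info["delivery"] = int(m.group("id"))
        info["function"] = m.group("func")
        info["origin"] = ("alert sent by remote server"
                          if info["peer_alert"] is not None else "local OpenSSL error")
        findings.append(info)
    return findings

SAMPLE = [
    # Log line quoted in the post above.
    "Dec 16 15:47:05 u15154894 qmail: 1103240825.596320 delivery 98: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_MASKED_SERVER_IP./",
    # Constructed line: a normal delivery that must be ignored.
    "Dec 16 15:47:09 u15154894 qmail: 1103240829.000000 delivery 99: success: did_0+0+1/",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A peer alert of 40 (handshake_failure) means the receiving server refused the ClientHello or could not agree on parameters, so the receiving side's TLS configuration is the place to look.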
 
I forgot to reply to myself with the "solution" for this very important problem/bug, which has not been addressed by SW-Soft for months now, which is beyond my understanding of running a business.

To disable TLS you need to remove (back up) the .pem files from the /var/qmail/control/ directory, and you will start to receive emails normally (without TLS errors).

Good luck.
 
Doesn't work here

With Plesk 7.5 reloaded, I made the following changes in an attempt to turn off TLS functionality:

  • In /etc/xinetd.d/smtp_psa, add
    Code:
    env = DENY_TLS=1
  • In /etc/init.d/psa and /etc/init.d/qmail, add
    Code:
    DENY_TLS=1
    export DENY_TLS
  • Renamed all /var/qmail/control/*.pem files to *.pem.old.

and *STILL* I can't deliver mail from Plesk to a server that advertises TLS yet rejects the self-signed Plesk cert.

Does anybody know of a way to prevent Qmail from attempting a STARTTLS when sending to a server advertising STARTTLS capability?
 