1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

7.5.1, email, TLS_connect_failed

Discussion in 'Plesk for Linux - 8.x and Older' started by RexAdmin, Dec 16, 2004.

  1. RexAdmin

    RexAdmin Guest

    0
     
    First system: Plesk Reloaded 7.5.1 (upgraded from 7.1.6)

    Second system: Plesk Reloaded 7.1.6

    When sending email from second the first server it can't be delivered, message in /usr/local/var/psa/maillog is:

    Dec 16 15:47:05 u15154894 qmail: 1103240825.596320 delivery 98: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_MASKED_SERVER_IP./

    No certs were installed manually or similar.
     
  2. RexAdmin

    RexAdmin Guest

    0
     
    Below is only snippet from install log that might be problematic, note unable to write 'random state'.

    ===> Installing Qmail server
    Trying to set maillog file to /usr/local/psa/var/log/maillog... done
    Configuring Qmail...
    Trying to generate SSL certificates for TLS sessions... Generating RSA private key, 512 bit long modulus
    ....++++++++++++
    ........................++++++++++++
    unable to write 'random state'
    e is 65537 (0x10001)

    Generating DH parameters, 512 bit long safe prime, generator 2
    This is going to take a long time
    ...........................................................+.................+..+.............+.........................+................+.+...+..................................+.+.................................................................++*++*++*++*++*++*
    unable to write 'random state'

    Generating DH parameters, 1024 bit long safe prime, generator 2
    This is going to take a long time
    ..............................+.........................................+......+.........................................+......+...............................................................................+..........+.........+.....................................................+........................................................................................................................................+...........................................................................................+....................+.......................+...................................................................................+...........................+..+.................................................+....................................................+..+................................................................................................................................................................+...................................................................................................................................+....+......+................................+..................+..+....................................................................+.................................+.........................+....................................................+.....................+...................+.......+......................................+.............+.......................................+.........+.....................+...........................................................+........+................................................................+.........................+.......++*++*++*
    unable to write 'random state'
     
  3. RexAdmin

    RexAdmin Guest

    0
     
    I've forgot to reply to myself with "solution" for this so important problem/bug which is not addresses by SW-Soft in, now, months which is beyond my understand of running business.

    To disable TLS you need to remove (backup) .pem files from /var/qmail/control/ directory and you will start to receive normaly emails (without TLS errors).

    Good luck.
     
  4. bobathtmldotcom

    bobathtmldotcom Guest

    0
     
    Doesn't work here

    With Plesk 7.5 reloaded, I made the following changes in an attempt to turn off TLS functionality:

    • In /etc/xinetd.d/smtp_psa, add
      Code:
      env = DENY_TLS=1
    • In /etc/init.d/psa and /etc/init.d/qmail, add
      Code:
      DENY_TLS=1
      export DENY_TLS
    • Renamed all /var/qmail/control/*.pem files to *.pem.old.

    and *STILL* I can't deliver mail from Plesk to a server that advertises TLS yet rejects the self-signed Plesk cert.

    Does anybody know of a way to prevent Qmail from attempting a STARTTLS when sending to a server advertising STARTTLS capability?
     
Loading...