1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

7.5.1, email, TLS_connect_failed

Discussion in 'Plesk for Linux - 8.x and Older' started by RexAdmin, Dec 16, 2004.

  1. RexAdmin

    RexAdmin Guest

    0
     
    First system: Plesk Reloaded 7.5.1 (upgraded from 7.1.6)

    Second system: Plesk Reloaded 7.1.6

    When sending email from second the first server it can't be delivered, message in /usr/local/var/psa/maillog is:

    Dec 16 15:47:05 u15154894 qmail: 1103240825.596320 delivery 98: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_MASKED_SERVER_IP./

    No certs were installed manually or similar.
     
  2. RexAdmin

    RexAdmin Guest

    0
     
    Below is only snippet from install log that might be problematic, note unable to write 'random state'.

    ===> Installing Qmail server
    Trying to set maillog file to /usr/local/psa/var/log/maillog... done
    Configuring Qmail...
    Trying to generate SSL certificates for TLS sessions... Generating RSA private key, 512 bit long modulus
    ....++++++++++++
    ........................++++++++++++
    unable to write 'random state'
    e is 65537 (0x10001)

    Generating DH parameters, 512 bit long safe prime, generator 2
    This is going to take a long time
    ...........................................................+.................+..+.............+.........................+................+.+...+..................................+.+.................................................................++*++*++*++*++*++*
    unable to write 'random state'

    Generating DH parameters, 1024 bit long safe prime, generator 2
    This is going to take a long time
    ..............................+.........................................+......+.........................................+......+...............................................................................+..........+.........+.....................................................+........................................................................................................................................+...........................................................................................+....................+.......................+...................................................................................+...........................+..+.................................................+....................................................+..+................................................................................................................................................................+...................................................................................................................................+....+......+................................+..................+..+....................................................................+.................................+.........................+....................................................+.....................+...................+.......+......................................+.............+.......................................+.........+.....................+...........................................................+........+................................................................+.........................+.......++*++*++*
    unable to write 'random state'
     
  3. RexAdmin

    RexAdmin Guest

    0
     
    I've forgot to reply to myself with "solution" for this so important problem/bug which is not addresses by SW-Soft in, now, months which is beyond my understand of running business.

    To disable TLS you need to remove (backup) .pem files from /var/qmail/control/ directory and you will start to receive normaly emails (without TLS errors).

    Good luck.
     
  4. bobathtmldotcom

    bobathtmldotcom Guest

    0
     
    Doesn't work here

    With Plesk 7.5 reloaded, I made the following changes in an attempt to turn off TLS functionality:

    • In /etc/xinetd.d/smtp_psa, add
      Code:
      env = DENY_TLS=1
    • In /etc/init.d/psa and /etc/init.d/qmail, add
      Code:
      DENY_TLS=1
      export DENY_TLS
    • Renamed all /var/qmail/control/*.pem files to *.pem.old.

    and *STILL* I can't deliver mail from Plesk to a server that advertises TLS yet rejects the self-signed Plesk cert.

    Does anybody know of a way to prevent Qmail from attempting a STARTTLS when sending to a server advertising STARTTLS capability?
     
Loading...