• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

7.5.1, email, TLS_connect_failed

R

RexAdmin

Guest
First system: Plesk Reloaded 7.5.1 (upgraded from 7.1.6)

Second system: Plesk Reloaded 7.1.6

When sending email from second the first server it can't be delivered, message in /usr/local/var/psa/maillog is:

Dec 16 15:47:05 u15154894 qmail: 1103240825.596320 delivery 98: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_MASKED_SERVER_IP./

No certs were installed manually or similar.
 
Below is only snippet from install log that might be problematic, note unable to write 'random state'.

===> Installing Qmail server
Trying to set maillog file to /usr/local/psa/var/log/maillog... done
Configuring Qmail...
Trying to generate SSL certificates for TLS sessions... Generating RSA private key, 512 bit long modulus
....++++++++++++
........................++++++++++++
unable to write 'random state'
e is 65537 (0x10001)

Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time
...........................................................+.................+..+.............+.........................+................+.+...+..................................+.+.................................................................++*++*++*++*++*++*
unable to write 'random state'

Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
..............................+.........................................+......+.........................................+......+...............................................................................+..........+.........+.....................................................+........................................................................................................................................+...........................................................................................+....................+.......................+...................................................................................+...........................+..+.................................................+....................................................+..+................................................................................................................................................................+...................................................................................................................................+....+......+................................+..................+..+....................................................................+.................................+.........................+....................................................+.....................+...................+.......+......................................+.............+.......................................+.........+.....................+...........................................................+........+................................................................+.........................+.......++*++*++*
unable to write 'random state'
 
I've forgot to reply to myself with "solution" for this so important problem/bug which is not addresses by SW-Soft in, now, months which is beyond my understand of running business.

To disable TLS you need to remove (backup) .pem files from /var/qmail/control/ directory and you will start to receive normaly emails (without TLS errors).

Good luck.
 
Doesn't work here

With Plesk 7.5 reloaded, I made the following changes in an attempt to turn off TLS functionality:

  • In /etc/xinetd.d/smtp_psa, add
    Code: 
    env = DENY_TLS=1
  • In /etc/init.d/psa and /etc/init.d/qmail, add
    Code: 
    DENY_TLS=1
export DENY_TLS
  • Renamed all /var/qmail/control/*.pem files to *.pem.old.

and *STILL* I can't deliver mail from Plesk to a server that advertises TLS yet rejects the self-signed Plesk cert.

Does anybody know of a way to prevent Qmail from attempting a STARTTLS when sending to a server advertising STARTTLS capability?
 
You must log in or register to reply here.

Similar threads

Erwin Fiten
Question Spam sent from my server by other hosts ???
Replies
4
Views
582
Bitpalast
Bitpalast
ilogus
Resolved Incoming email DKIM issue
Replies
4
Views
584
ilogus
ilogus
Bitpalast
Forwarded to devs Spamassassin ignores mails to mailboxes that contain an ampersand, e.g. d&[email protected]
Replies
9
Views
2K
Bitpalast
Bitpalast
X
Resolved Plesk Extension: Plesk Email Security (Very Slow Delivery)
Replies
8
Views
8K
Kaspar@Plesk
Kaspar@Plesk
J
Issue Notifications Email and 550 error
Replies
1
Views
3K
mariano_loo
M
Back
Top