
7.5.1, email, TLS_connect_failed

RexAdmin

Guest
First system: Plesk Reloaded 7.5.1 (upgraded from 7.1.6)

Second system: Plesk Reloaded 7.1.6

When sending email from the second to the first server, it can't be delivered; the message in /usr/local/var/psa/maillog is:

Dec 16 15:47:05 u15154894 qmail: 1103240825.596320 delivery 98: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_MASKED_SERVER_IP./

No certs were installed manually or similar.
 
Below is only the snippet from the install log that might be problematic; note unable to write 'random state'.

===> Installing Qmail server
Trying to set maillog file to /usr/local/psa/var/log/maillog... done
Configuring Qmail...
Trying to generate SSL certificates for TLS sessions... Generating RSA private key, 512 bit long modulus
....++++++++++++
........................++++++++++++
unable to write 'random state'
e is 65537 (0x10001)

Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time
...........................................................+.................+..+.............+.........................+................+.+...+..................................+.+.................................................................++*++*++*++*++*++*
unable to write 'random state'

Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
..............................+.........................................+......+.........................................+......+...............................................................................+..........+.........+.....................................................+........................................................................................................................................+...........................................................................................+....................+.......................+...................................................................................+...........................+..+.................................................+....................................................+..+................................................................................................................................................................+...................................................................................................................................+....+......+................................+..................+..+....................................................................+.................................+.........................+....................................................+.....................+...................+.......+......................................+.............+.......................................+.........+.....................+...........................................................+........+................................................................+.........................+.......++*++*++*
unable to write 'random state'
 
I forgot to reply to myself with the "solution" for this so important problem/bug, which has not been addressed by SW-Soft in, now, months, which is beyond my understanding of running a business.

To disable TLS you need to remove (back up) the .pem files from the /var/qmail/control/ directory and you will start to receive emails normally (without TLS errors).

Good luck.
 
Doesn't work here

With Plesk 7.5 reloaded, I made the following changes in an attempt to turn off TLS functionality:

  • In /etc/xinetd.d/smtp_psa, add
    Code:
    env = DENY_TLS=1
  • In /etc/init.d/psa and /etc/init.d/qmail, add
    Code:
    DENY_TLS=1
    export DENY_TLS
  • Renamed all /var/qmail/control/*.pem files to *.pem.old.

and *STILL* I can't deliver mail from Plesk to a server that advertises TLS yet rejects the self-signed Plesk cert.

Does anybody know of a way to prevent Qmail from attempting a STARTTLS when sending to a server advertising STARTTLS capability?
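
To see which remote hosts are behind the deferrals discussed in this thread, the maillog line from the first post can be parsed and its OpenSSL error code decoded. This is an added example, not code from any poster or from Plesk; it assumes the pre-3.0 OpenSSL error packing (8 bits library, 12 bits function, 12 bits reason), and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# qmail logs the OpenSSL error string with spaces replaced by underscores.
DEFERRAL = re.compile(
    r"delivery (?P<delivery>\d+): deferral: TLS_connect_failed:_error:"
    r"(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>[^;]+);"
    r"_connected_to_(?P<remote>\S+?)\./"
)
# TLS alert numbers (RFC 5246) that commonly end a handshake.
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security"}
SSL_LIB = 20  # ERR_LIB_SSL

def decode_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into (lib, func, reason, alert)."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    # SSL-library reasons of 1000 and above are 1000 + the alert the peer sent.
    alert = reason - 1000 if lib == SSL_LIB and reason >= 1000 else None
    return lib, func, reason, alert

def parse_line(line):
    """Return a dict for a TLS_connect_failed deferral, or None for other lines."""
    m = DEFERRAL.search(line)
    if not m:
        return None
    lib, func, reason, alert = decode_error(m["code"])
    return {"delivery": int(m["delivery"]), "remote": m["remote"],
            "reason_text": m["reason"].replace("_", " "),
            "lib": lib, "reason": reason, "alert": alert,
            "alert_name": ALERTS.get(alert, "n/a")}

def summarize(lines):
    """Count TLS deferrals per (remote host, alert name)."""
    hits = filter(None, map(parse_line, lines))
    return Counter((h["remote"], h["alert_name"]) for h in hits)

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE = [
    "Dec 16 15:47:05 u15154894 qmail: 1103240825.596320 delivery 98: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_MASKED_SERVER_IP./",
    "Dec 16 15:48:10 mailhost qmail: 1103240890.100000 delivery 99: success: 192.0.2.20_accepted_message./",
    "Dec 16 15:52:31 mailhost qmail: 1103241151.200000 delivery 101: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_192.0.2.10./",
]

if __name__ == "__main__":
    for (remote, alert), n in summarize(SAMPLE).items():
        print(f"{remote}: {n} deferral(s), peer alert {alert}")
```

The decoded alert (40, handshake_failure) shows that the receiving server ended the handshake, so the per-host counts indicate which destinations reject the negotiation rather than which local deliveries are at fault.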
 