• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

critical qmail bug on centos after microupdate #57

G

gatwtal

New Pleskian
Hello,

after the last automatic update of plesk panel (10.4.4, microupdate #57) qmail is no longer able to deliver emails to web.de/gmx.de mailboxes. Before the update this worked fine.
The error log shows messages like:

Dec 10 16:25:44 web01 qmail-remote-handlers[19876]: Handlers Filter before-remote for qmail started ...
Dec 10 16:25:44 web01 qmail-remote-handlers[19876]: from=***@***.de
Dec 10 16:25:44 web01 qmail-remote-handlers[19876]: to=***@web.de
Dec 10 16:25:44 web01 qmail: 1386689144.224948 delivery 2525: deferral:
TLS_connect_failed:_error:100AE081:elliptic_curve_routines:EC_GROUP_new_by_curve_name:unknown_groupZConnected_to_213.165.67.120_but_connection_died._er
ror:100AE081:elliptic_curve_routines:EC_GROUP_new_by_curve_name:unknown_group_(#4.4.2)/
Click to expand...

No other changes were performed on the server (centos 6.2).

I already tried to disable the TLS connection by placing files in /var/qmail/control/notlshosts like gmx.de or mx00.gmx.net but nothing works but qmail still uses TLS for those domains

I really need help here. We have about 45000 emails in queue (after sending a newsletter).

Best regards
Martin
 
Its probably because your openssl library) is out of date. A really important update for that came out in CentOS 6.5 recently.
 
No, the Centos 6.5 update doesn't help. This is a problem in all centos/redhat release when using tls - a bug report can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c2
I also have confirmation from another German user that 6.5 makes no difference here.
Something changed with the last plesk update at december 3rd. Before this update it did work (probably because tls wasn't used when communicating with web.de/gmx.de).
 
It seems the plesk update installed openssl 1.0.1-e15 which introduced the problem. openssl 1.0.1-e16 fixes this problem (update with yum update openssl).
 
Is is possible that this bug is alive... again with the latest openssl-updates? When sending e-mails via TLS (qmail + openssl 16.el6_5.14) we receive errors like this

Jul 29 05:16:31 XXX qmail: 1406603791.854933 delivery 1559: deferral: TLS_connect_failed;_connected_to_XXX.XXX.XXX.XXX./
Jul 29 05:16:31 XXX qmail: 1406603791.854953 status: local 0/10 remote 0/20
Click to expand...
 
You must log in or register to reply here.

Similar threads

L
qmail don't send a lot of message
Replies
1
Views
5K
IgorG
IgorG
Back
Top