Plesk+qmail, TLS fallback

[poppsworld.com]

Hello all,

is there any possibility to implement an non-TLS fallback for qmail if sending emails via SMTP+TLS fails?

On Centos 6.5, after running the latest openssl-update we get errors in /usr/local/psa/var/log/maillog when sending emails via TLS to some servers:

Jul 29 06:56:26 bender qmail: 1406609786.783037 delivery 1572: deferral: TLS_connect_failed;_connected_to_XXX.XXX.XXX.XXX./
Jul 29 06:56:26 bender qmail: 1406609786.783066 status: local 0/10 remote 1/20
Jul 29 06:56:26 bender qmail: 1406609786.796430 delivery 1573: deferral: TLS_connect_failed;_connected_to_XXX.XXX.XXX.XXX./
Jul 29 06:56:26 bender qmail: 1406609786.796459 status: local 0/10 remote 0/20

Since the "TLS_connect_failed" happens every time the server tries to connect, the emails stay in the qmail-queue until their lifetime is reached...

Despite the fact, that we have to get rid of this error it would be useful to have a fallback-mechanism like in postfix, which seems to send emails without tls... if tls-encryption fails.

Is it possible to implement that in qmail+plesk?

Thanks for your help and

Best regards
Lars

 

[Emmanuel_Pando]

HI!! I have the same issue :/
did it solve?

 

[poppsworld.com]

hi Emmanuel,

it's quite some time ago since I ran into the problem: As far as I can remember I fixed the issue by identifying the ciphers supported by CentOS's OpenSSL-Package, writing it to the qmail-files:

openssl ciphers > /var/qmail/control/tlsserverciphers
openssl ciphers > /var/qmail/control/tlsclientciphers

Afterwards i removed some ciphers from that files, which caused the problems. BUT since I don't know if you are having the same config/problem... that might not help for you.

Best regards,
Lars

 

[Emmanuel_Pando]

Thanks!! I will try Immediately.. Realy THANKS!