Yep, looks good.  But does that help if it's the far end that is the problem?
On Fri, 24 Jan 2020 11:47:12 -0500,
Bill Cole via mailop wrote:
> 
> On 23 Jan 2020, at 18:01, John Covici via mailop wrote:
> 
> > Hi.  I am using sendmail from my own server and using a virtual
> > machine in the cloud as a relay.  That machine all of a sudden several
> > days ago keeps getting a message saying
> > Jan 23 17:51:33 debian-2 sm-mta[7625]: STARTTLS=client, error: connect
> > failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
> > 
> > Now, in my sendmail.mc (included from starttls.m4) I have
> > define(`confDH_PARAMETERS',   `/etc/mail/tls/sendmail-common.prm')dnl
> > # <= EDIT and I made sure that the file was regenerated with 2046 bits
> > by doing
> > openssl dhparam -out  /etc/mail/tls/sendmail-common.prm  2048
> > So, what the heck is happening, why do at least some sites say the dh
> > key is too small?
> > 
> > Thanks in advance for any suggestions.
> 
> In case you have not done so already, actually LOOK at that
> file. It should be a PEM-format file containing:
> 
> -----BEGIN DH PARAMETERS-----
> [6x64-character lines of Base64, last line partial]
> -----END DH PARAMETERS-----
> 
> Also check the size (424 bytes), permissions (must be readable by
> whatever user Sendmail runs as) and if you're using SELinux, make
> sure it has the correct file context label. And make sure that
> name is right: did you actually use the ".prm" filename extension
> in creating it and in your sendmail.mc?
> 
> Often the problem with arcane technical issues is actually in the
> simplest external details...
> 
> -- 
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not For Hire (currently)
> 
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do you spend it?

         John Covici wb2una
         cov...@ccs.covici.com
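
An added example (not from the thread or its participants): a Python check of the file described in the quoted reply, which parses the PEM `DH PARAMETERS` block and reports the size of the prime it holds. `dh_prime_bits` and `make_sample_pem` are names made up here and the sample input is constructed; the file checked is the one this host offers when it acts as the TLS server.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN DH PARAMETERS-----\s+(.*?)\s*-----END DH PARAMETERS-----", re.S)

def _read_len(der, i):
    """Decode the DER length field at der[i]; return (length, next index)."""
    if der[i] < 0x80:
        return der[i], i + 1
    n = der[i] & 0x7F
    return int.from_bytes(der[i + 1:i + 1 + n], "big"), i + 1 + n

def _read_int(der, i):
    """Decode the DER INTEGER at der[i]; return (value, next index)."""
    if der[i] != 0x02:
        raise ValueError("expected a DER INTEGER")
    length, i = _read_len(der, i + 1)
    return int.from_bytes(der[i:i + length], "big"), i + length

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' block."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        if der[0] != 0x30:
            raise ValueError("outer element is not a DER SEQUENCE")
        _, i = _read_len(der, 1)
        p, i = _read_int(der, i)   # prime modulus p
        _read_int(der, i)          # generator g must parse too
    except IndexError:
        raise ValueError("truncated DH parameters") from None
    return p.bit_length()

def _der(tag, body):
    """Encode one DER element with a definite length."""
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def make_sample_pem(bits):
    """CONSTRUCTED input: p merely has `bits` bits, it is not a real safe prime."""
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                    for v in ((1 << (bits - 1)) | 1, 2))
    b64 = base64.b64encode(_der(0x30, ints)).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(rows)
            + "\n-----END DH PARAMETERS-----\n")
```

To check the real file, pass its contents, for example `dh_prime_bits(open("/etc/mail/tls/sendmail-common.prm").read())`; `openssl dhparam -in FILE -text -noout` prints the same size.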
