I am getting the following errors with sendmail (OpenBSD 5.0, and the errors were there for 4.9 as well):

Jan 28 16:34:48 mail sm-mta[24871]: starting daemon (8.14.5): SMTP+queueing@00:30:00
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list:/usr/src/lib/libssl/ssl/../src/ssl/t1_lib.c:1470:
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:14092113:SSL routines:SSL3_GET_SERVER_HELLO:serverhello tlsext:/usr/src/lib/libssl/ssl/../src/ssl/s3_clnt.c:945:
Jan 28 16:34:51 mail sm-mta[372]: ruleset=tls_server, arg1=SOFTWARE, relay=edgewave.com.mx1.rci.rcimx.net, reject=403 4.7.0 TLS handshake failed.

From peering around with Google, these seem to come from an error in SSL. I assume that it is edgewave.com.mx1.rci.rcimx.net that has the error, not OpenBSD 5.0, but nonetheless I cannot send email to this site with TLS enabled.

To my surprise I found that not configuring TLS in sendmail.mc only turns it off for receiving, not sending. The only way I can find to turn it off for sending is by adding

Try_TLS:edgewave.com.mx1.rci.rcimx.net NO
Try_TLS:edgewave.com.mx2.rci.rcimx.net NO
Try_TLS:edgewave.com.mx3.rci.rcimx.net NO
Try_TLS:edgewave.com.mx4.rci.rcimx.net NO

to sendmail's map access database.

The addresses belong to an email company that handles email for other companies. I know of 5 companies that I cannot send to. You can try this yourself by sending email to x...@redcondor.com. The email doesn't exist, but the connection is dropped before anyone discovers that xxx is not valid.

It would have been nice if sendmail fell back to a non-TLS connection if the handshake occurs. As it is, I have to watch the maillog to identify which mail is being blocked and add the resulting address to the access map.
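
The maillog-watching step described in the post, as an added example that is not part of the original message: a Python script that finds the ruleset=tls_server "TLS handshake failed" rejections, attaches the OpenSSL reason logged by the same sm-mta process, and lists candidate Try_TLS lines for review. The relay mx.example.net, the sample log and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log lines in the post (mx.example.net is made up).
SAMPLE_LOG = """\
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list:/usr/src/lib/libssl/ssl/../src/ssl/t1_lib.c:1470:
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:14092113:SSL routines:SSL3_GET_SERVER_HELLO:serverhello tlsext:/usr/src/lib/libssl/ssl/../src/ssl/s3_clnt.c:945:
Jan 28 16:34:51 mail sm-mta[372]: ruleset=tls_server, arg1=SOFTWARE, relay=edgewave.com.mx1.rci.rcimx.net, reject=403 4.7.0 TLS handshake failed.
Jan 28 16:40:02 mail sm-mta[401]: ruleset=tls_server, arg1=SOFTWARE, relay=mx.example.net, reject=403 4.7.0 TLS handshake failed.
Jan 28 16:41:10 mail sm-mta[455]: STARTTLS=client, relay=ok.example.org., version=TLSv1/SSLv3, verify=OK
"""

LINE = re.compile(r"sm-mta\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SSL_ERR = re.compile(r"^STARTTLS=client: \d+:error:[0-9A-F]+:[^:]*:[^:]*:(?P<reason>[^:]+):")
REJECT = re.compile(r"^ruleset=tls_server,.*\brelay=(?P<relay>[^,\s]+),\s*reject=\d{3} \S+ TLS handshake failed")

def failed_tls_relays(lines):
    """Map relay host -> {"count": n, "reasons": set of OpenSSL reason strings}."""
    pending = defaultdict(list)   # pid -> reasons logged before the reject line
    relays = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        err = SSL_ERR.match(msg)
        if err:
            pending[pid].append(err["reason"])
            continue
        rej = REJECT.match(msg)
        if rej:
            host = rej["relay"].rstrip(".").lower()
            entry = relays.setdefault(host, {"count": 0, "reasons": set()})
            entry["count"] += 1
            entry["reasons"].update(pending.pop(pid, []))
    return relays

def access_entries(relays):
    """Candidate access-map lines in the post's format, for review before adding."""
    return [f"Try_TLS:{host} NO" for host in sorted(relays)]

if __name__ == "__main__":
    found = failed_tls_relays(SAMPLE_LOG.splitlines())
    for host, info in sorted(found.items()):
        print(f"# {host}: {info['count']} failure(s) {sorted(info['reasons'])}")
    print("\n".join(access_entries(found)))
```

Each Try_TLS ... NO entry makes delivery to that relay go out unencrypted, so the output is a list to review, not one to append automatically.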