Thanks, Dan.
On 7/3/2018 7:38 AM, Dan McAllister - QMT DNS wrote:
I'm normally just a lurker around here anymore -- Eric does such a GREAT job
helping you guys! Before I forget, GREAT WORK on getting the updated OpenSSL
package installation instructions out there!
So, I'm going to add my 2-cents worth in today as an EXPLANATION of WHY you
need to update your QMail server... and I hope you'll see why.
People using OLD versions of Qmail, or any other mail server, are likely to
have connectivity issues -- especially after June 30!
Why? Because the IETF and PCI councils have recommended the SHUTDOWN of SSL
(all versions -- even SSLv3) by June 30, and moving to REQUIRE TLS v1.1 or
higher. *MANY ISPs ARE ALREADY REQUIRING TLS 1.2 or HIGHER!*
So, if you're using an OpenSSL stack from CentOS 3, 4, or 5, that's going to be
a problem unless you are able to upgrade your OpenSSL package.
Why are the old SSL versions being SHUT DOWN? Because they have known
vulnerabilities and we (the server admin community) have had SEVERAL YEARS now
to address them.
I just thought you (gentle readers) might want to know the reason WHY your
15-year-old QMT installation is starting to fail! LOL
Dan McAllister
QMT DNS Admin
-----Original Message-----
From: Eric Broch [mailto:[email protected]]
Sent: Wednesday, June 27, 2018 12:09 PM
To: [email protected]
Subject: Re: [qmailtoaster] Upgrading openssl in an old Qmailtoaster install
Have a look at this thread:
https://www.mail-archive.com/[email protected]/msg41029.html
IMHO, there were too many packages that were dependent on openssl-9.8 on the
CentOS 5 box to make this practical.
On 6/26/2018 11:44 PM, Brian Ghidinelli wrote:
I'm running into the same SMTP TLS connection errors as reported by
Sean Murphy in this email here:
https://www.mail-archive.com/[email protected]/msg41115.html
Same scenario: old, reliable CentOS 5 box. We need a few more months
to transition off this box and we're getting an increasing number of
TLS failures that are hard to fix with notls FQDNs.
I have upgraded our openssl so I'm wondering if it's possible, using
the source rpm for my very old install, to recompile and provide a new
SSL library path?
I am not very experienced with rpmbuild and have toyed with the
qmail-toaster.spec file but I believe I ran into a problem that
openssl 1.0.2l does not pass the checks for openssl >= 0.9.8. Any
suggestions for a short term fix?
I believe I would need to recompile and then replace just qmail-smtpd
and qmail-remote, yes?
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--
Eric Broch
White Horse Technical Consulting (WHTC)