Re: [qmailtoaster] Mail Failure

2018-03-09 Thread Eric Broch 

So,

If you want to stop TLS for a particular domain as QMT will encrypt via 
TLS all SMTP traffic unless 1) a mail server does not support it, 2) 
incompatible encryption (your case), 3) you prohibit it for a certain 
domain (following example), do the following:


1) # nslookup -type=mx 'domain.tld'

domain.tld     mail exchanger = 0 mx.domain.tld.

1) mkdir /var/qmail/control/notlshosts/

2) touch /var/qmail/control/notlshosts/mx.domain.tld

This will stop all traffic to domain.tld from being encrypted.

Eric


On 3/9/2018 9:17 AM, Eric Broch wrote:


I'm not sure it will work. It installs side by side with old rpms 
openssl and openssl-devel. I'd try creating the notlshosts/ 
first, and let me do some experimenting.



On 3/9/2018 9:14 AM, Rvaught wrote:


Thank you, I will give this a try.

Rick

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 10:50 AM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Mail Failure

In fact, here's a binary

https://centos.pkgs.org/5/epel-x86_64/openssl101e-1.0.1e-11.el5.x86_64.rpm.html

and the how to

 1. Download the latest epel-release rpm from

http://dl.fedoraproject.org/pub/archive/epel/5/x86_64/

 2. Install epel-release rpm:

# rpm -Uvh epel-release*rpm

 3. Install openssl101e rpm package:

# yum install openssl101e

On 3/9/2018 8:47 AM, Eric Broch wrote:

That's the issue. TLSv1.1 & TLSv1.2 are only support in openssl-1.*

You could disable TLS for this email address

(https://serverfault.com/questions/562234/disable-starttls-on-qmail-for-outgoing-messages).

Or, you could upgrade manually openssl on CentOS 5

(https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/).

Eric

On 3/9/2018 8:30 AM, Rvaught wrote:

Version .9.8e-33.el5_11

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 10:26 AM
*To:* qmailtoaster-list
*Subject:* Re: [qmailtoaster] Mail Failure

What version of openssl is on your host?

# rpm -qa | grep openssl

On 3/8/2018 11:22 AM, Rvaught wrote:

I am getting this failure when trying to send mail to one
email address.

The error is TLS connect failed: error 140770FC: SSL
routing: SSL 3_GET_SERVER_HELLO: unknown protocol. It
appears your server wants a TLS or SSL connection or
certificate.

I am running a qmail toaster on Centos 5.11.

How can I tell what version TLS I am using? The support
person on the other end says they do not accept version
of  lower than TLS 1.1 or 1.2.

Thanks ,

Rick




-- 


Eric Broch

White Horse Technical Consulting (WHTC)



-- 


Eric Broch

White Horse Technical Consulting (WHTC)



--
Eric Broch
White Horse Technical Consulting (WHTC)


--
Eric Broch
White Horse Technical Consulting (WHTC)


--
Eric Broch
White Horse Technical Consulting (WHTC)

Re: [qmailtoaster] DKIM

2018-03-09 Thread Rodrigo Cortes 
Hey! the site is http://www.qmailtoaster.com/dkim.html

is .com not .org

:)

2018-03-09 15:06 GMT-03:00 Eric Broch :

> http://www.qmailtoaster.org/dkim.html
>
> On 3/9/2018 10:40 AM, Rodrigo Cortes wrote:
>
> Hey Eric!
>
> File Not Found The requested URL was not found on this server: /dkim.html
>
> :S
>
> 2018-03-09 14:39 GMT-03:00 Eric Broch :
>
>> Yes,
>>
>> http://qmailtoaster.org/dkim.html
>>
>>
>>
>> On 3/9/2018 10:33 AM, Rodrigo Cortes wrote:
>>
>>> Hi!!!
>>>
>>> Have some good how to for DKIM with QMAIL?
>>>
>>> Thx.
>>>
>>
>> --
>> Eric Broch
>> White Horse Technical Consulting (WHTC)
>>
>>
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>
>>
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>

Re: [qmailtoaster] DKIM

2018-03-09 Thread Rodrigo Cortes 
Hey Eric!

File Not Found The requested URL was not found on this server: /dkim.html

:S

2018-03-09 14:39 GMT-03:00 Eric Broch :

> Yes,
>
> http://qmailtoaster.org/dkim.html
>
>
>
> On 3/9/2018 10:33 AM, Rodrigo Cortes wrote:
>
>> Hi!!!
>>
>> Have some good how to for DKIM with QMAIL?
>>
>> Thx.
>>
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>

Re: [qmailtoaster] DKIM

2018-03-09 Thread Eric Broch 

Yes,

http://qmailtoaster.org/dkim.html


On 3/9/2018 10:33 AM, Rodrigo Cortes wrote:

Hi!!!

Have some good how to for DKIM with QMAIL?

Thx.


--
Eric Broch
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM

2018-03-09 Thread Rodrigo Cortes 
Hi!!!

Have some good how to for DKIM with QMAIL?

Thx.

Re: [qmailtoaster] Mail Failure

2018-03-09 Thread Eric Broch 

This is what they look like running side by side

# find /usr -name openssl*

/usr/lib64/openssl
/usr/lib64/pkgconfig/openssl101e.pc
/usr/lib64/pkgconfig/openssl.pc
/usr/lib64/openssl101e
/usr/include/openssl
/usr/include/openssl/opensslv.h
/usr/include/openssl/opensslconf.h
/usr/include/openssl/opensslconf-i386.h
/usr/include/openssl/opensslconf-x86_64.h
/usr/include/openssl101e
/usr/include/openssl101e/openssl
/usr/include/openssl101e/openssl/opensslv.h
/usr/include/openssl101e/openssl/opensslconf.h
/usr/include/openssl101e/openssl/opensslconf-i386.h
/usr/include/openssl101e/openssl/opensslconf-x86_64.h
/usr/share/man/man1/openssl.1ssl.gz
/usr/share/man/man1/openssl101e.1.gz
/usr/share/doc/curl-devel-7.15.5/opensslthreadlock.c
/usr/share/doc/openssl101e-1.0.1e
/usr/share/doc/openssl101e-1.0.1e/openssl.txt
/usr/share/doc/openssl101e-1.0.1e/openssl_button.gif
/usr/share/doc/openssl101e-1.0.1e/openssl_button.html
/usr/share/doc/openssl-0.9.8e
/usr/share/doc/openssl-0.9.8e/openssl.txt
/usr/share/doc/openssl-0.9.8e/openssl_button.gif
/usr/share/doc/openssl-0.9.8e/openssl_button.html
/usr/bin/openssl
/usr/bin/openssl101e
/usr/lib/openssl
/usr/lib/pkgconfig/openssl101e.pc
/usr/lib/pkgconfig/openssl.pc
/usr/lib/openssl101e
/usr/lib/python2.4/site-packages/sos/plugins/openssl.pyo
/usr/lib/python2.4/site-packages/sos/plugins/openssl.pyc
/usr/lib/python2.4/site-packages/sos/plugins/openssl.py


I'm not sure why the rpm was compiled this way (not to replace the old), 
but I'm sure they had their reasons.




On 3/9/2018 9:22 AM, Rvaught wrote:


Ok,

Rick

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 11:17 AM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Mail Failure

I'm not sure it will work. It installs side by side with old rpms 
openssl and openssl-devel. I'd try creating the notlshosts/ 
first, and let me do some experimenting.


On 3/9/2018 9:14 AM, Rvaught wrote:

Thank you, I will give this a try.

Rick

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 10:50 AM
*To:* qmailtoaster-list@qmailtoaster.com

*Subject:* Re: [qmailtoaster] Mail Failure

In fact, here's a binary


https://centos.pkgs.org/5/epel-x86_64/openssl101e-1.0.1e-11.el5.x86_64.rpm.html

and the how to

 1. Download the latest epel-release rpm from

http://dl.fedoraproject.org/pub/archive/epel/5/x86_64/

 2. Install epel-release rpm:

# rpm -Uvh epel-release*rpm

 3. Install openssl101e rpm package:

# yum install openssl101e

On 3/9/2018 8:47 AM, Eric Broch wrote:

That's the issue. TLSv1.1 & TLSv1.2 are only support in
openssl-1.*

You could disable TLS for this email address

(https://serverfault.com/questions/562234/disable-starttls-on-qmail-for-outgoing-messages).

Or, you could upgrade manually openssl on CentOS 5

(https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/).

Eric

On 3/9/2018 8:30 AM, Rvaught wrote:

Version .9.8e-33.el5_11

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 10:26 AM
*To:* qmailtoaster-list
*Subject:* Re: [qmailtoaster] Mail Failure

What version of openssl is on your host?

# rpm -qa | grep openssl

On 3/8/2018 11:22 AM, Rvaught wrote:

I am getting this failure when trying to send mail to
one email address.

The error is TLS connect failed: error 140770FC: SSL
routing: SSL 3_GET_SERVER_HELLO: unknown protocol. It
appears your server wants a TLS or SSL connection or
certificate.

I am running a qmail toaster on Centos 5.11.

How can I tell what version TLS I am using? The
support person on the other end says they do not
accept version of  lower than TLS 1.1 or 1.2.

Thanks ,

Rick





-- 


Eric Broch

White Horse Technical Consulting (WHTC)




-- 


Eric Broch

White Horse Technical Consulting (WHTC)




-- 


Eric Broch

White Horse Technical Consulting (WHTC)



--
Eric Broch
White Horse Technical Consulting (WHTC)


--
Eric Broch
White Horse Technical Consulting (WHTC)

RE: [qmailtoaster] Mail Failure

2018-03-09 Thread Rvaught 
Ok,

Rick

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, March 09, 2018 11:17 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Mail Failure

 

I'm not sure it will work. It installs side by side with old rpms openssl and 
openssl-devel. I'd try creating the notlshosts/ first, and let me do some 
experimenting.

 

On 3/9/2018 9:14 AM, Rvaught wrote:

Thank you, I will give this a try.

Rick

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, March 09, 2018 10:50 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Mail Failure

 

In fact, here's a binary

https://centos.pkgs.org/5/epel-x86_64/openssl101e-1.0.1e-11.el5.x86_64.rpm.html

and the how to

1.  Download the latest epel-release rpm from 

http://dl.fedoraproject.org/pub/archive/epel/5/x86_64/

2.  Install epel-release rpm: 

# rpm -Uvh epel-release*rpm

3.  Install openssl101e rpm package: 

# yum install openssl101e

 

On 3/9/2018 8:47 AM, Eric Broch wrote:

That's the issue. TLSv1.1 & TLSv1.2 are only support in openssl-1.*

You could disable TLS for this email address 
(https://serverfault.com/questions/562234/disable-starttls-on-qmail-for-outgoing-messages).

Or, you could upgrade manually openssl on CentOS 5 
(https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/).

Eric

 

On 3/9/2018 8:30 AM, Rvaught wrote:

Version .9.8e-33.el5_11

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, March 09, 2018 10:26 AM
To: qmailtoaster-list
Subject: Re: [qmailtoaster] Mail Failure

 

What version of openssl is on your host? 

# rpm -qa | grep openssl

 

On 3/8/2018 11:22 AM, Rvaught wrote:

 

I am getting this failure when trying to send mail to one email address.

 

The error is TLS connect failed: error 140770FC: SSL routing: SSL 
3_GET_SERVER_HELLO: unknown protocol. It appears your server wants a TLS or SSL 
connection or certificate.  

 

I am running a qmail toaster on Centos 5.11.

 

How can I tell what version TLS I am using? The support person on the other end 
says they do not accept version of  lower than TLS 1.1 or 1.2.

 

Thanks ,

Rick

 

 

 







-- 
Eric Broch
White Horse Technical Consulting (WHTC)






-- 
Eric Broch
White Horse Technical Consulting (WHTC)






-- 
Eric Broch
White Horse Technical Consulting (WHTC)





-- 
Eric Broch
White Horse Technical Consulting (WHTC)

Re: [qmailtoaster] Mail Failure

2018-03-09 Thread Eric Broch 
I'm not sure it will work. It installs side by side with old rpms 
openssl and openssl-devel. I'd try creating the notlshosts/ first, 
and let me do some experimenting.



On 3/9/2018 9:14 AM, Rvaught wrote:


Thank you, I will give this a try.

Rick

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 10:50 AM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Mail Failure

In fact, here's a binary

https://centos.pkgs.org/5/epel-x86_64/openssl101e-1.0.1e-11.el5.x86_64.rpm.html

and the how to

 1. Download the latest epel-release rpm from

http://dl.fedoraproject.org/pub/archive/epel/5/x86_64/

 2. Install epel-release rpm:

# rpm -Uvh epel-release*rpm

 3. Install openssl101e rpm package:

# yum install openssl101e

On 3/9/2018 8:47 AM, Eric Broch wrote:

That's the issue. TLSv1.1 & TLSv1.2 are only support in openssl-1.*

You could disable TLS for this email address

(https://serverfault.com/questions/562234/disable-starttls-on-qmail-for-outgoing-messages).

Or, you could upgrade manually openssl on CentOS 5

(https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/).

Eric

On 3/9/2018 8:30 AM, Rvaught wrote:

Version .9.8e-33.el5_11

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 10:26 AM
*To:* qmailtoaster-list
*Subject:* Re: [qmailtoaster] Mail Failure

What version of openssl is on your host?

# rpm -qa | grep openssl

On 3/8/2018 11:22 AM, Rvaught wrote:

I am getting this failure when trying to send mail to one
email address.

The error is TLS connect failed: error 140770FC: SSL
routing: SSL 3_GET_SERVER_HELLO: unknown protocol. It
appears your server wants a TLS or SSL connection or
certificate.

I am running a qmail toaster on Centos 5.11.

How can I tell what version TLS I am using? The support
person on the other end says they do not accept version of
 lower than TLS 1.1 or 1.2.

Thanks ,

Rick




-- 


Eric Broch

White Horse Technical Consulting (WHTC)



-- 


Eric Broch

White Horse Technical Consulting (WHTC)



--
Eric Broch
White Horse Technical Consulting (WHTC)


--
Eric Broch
White Horse Technical Consulting (WHTC)

RE: [qmailtoaster] Mail Failure

2018-03-09 Thread Rvaught 
Thank you, I will give this a try.

Rick

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, March 09, 2018 10:50 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Mail Failure

 

In fact, here's a binary

https://centos.pkgs.org/5/epel-x86_64/openssl101e-1.0.1e-11.el5.x86_64.rpm.html

and the how to

1.  Download the latest epel-release rpm from 

http://dl.fedoraproject.org/pub/archive/epel/5/x86_64/

2.  Install epel-release rpm: 

# rpm -Uvh epel-release*rpm

3.  Install openssl101e rpm package: 

# yum install openssl101e

 

On 3/9/2018 8:47 AM, Eric Broch wrote:

That's the issue. TLSv1.1 & TLSv1.2 are only support in openssl-1.*

You could disable TLS for this email address 
(https://serverfault.com/questions/562234/disable-starttls-on-qmail-for-outgoing-messages).

Or, you could upgrade manually openssl on CentOS 5 
(https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/).

Eric

 

On 3/9/2018 8:30 AM, Rvaught wrote:

Version .9.8e-33.el5_11

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, March 09, 2018 10:26 AM
To: qmailtoaster-list
Subject: Re: [qmailtoaster] Mail Failure

 

What version of openssl is on your host? 

# rpm -qa | grep openssl

 

On 3/8/2018 11:22 AM, Rvaught wrote:

 

I am getting this failure when trying to send mail to one email address.

 

The error is TLS connect failed: error 140770FC: SSL routing: SSL 
3_GET_SERVER_HELLO: unknown protocol. It appears your server wants a TLS or SSL 
connection or certificate.  

 

I am running a qmail toaster on Centos 5.11.

 

How can I tell what version TLS I am using? The support person on the other end 
says they do not accept version of  lower than TLS 1.1 or 1.2.

 

Thanks ,

Rick

 

 

 






-- 
Eric Broch
White Horse Technical Consulting (WHTC)





-- 
Eric Broch
White Horse Technical Consulting (WHTC)





-- 
Eric Broch
White Horse Technical Consulting (WHTC)

Re: [qmailtoaster] Mail Failure

2018-03-09 Thread Eric Broch 

In fact, here's a binary

https://centos.pkgs.org/5/epel-x86_64/openssl101e-1.0.1e-11.el5.x86_64.rpm.html

and the how to

1. Download the latest epel-release rpm from

   http://dl.fedoraproject.org/pub/archive/epel/5/x86_64/

2. Install epel-release rpm:

   # rpm -Uvh epel-release*rpm

3. Install openssl101e rpm package:

   # yum install openssl101e


On 3/9/2018 8:47 AM, Eric Broch wrote:


That's the issue. TLSv1.1 & TLSv1.2 are only support in openssl-1.*

You could disable TLS for this email address 
(https://serverfault.com/questions/562234/disable-starttls-on-qmail-for-outgoing-messages).


Or, you could upgrade manually openssl on CentOS 5 
(https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/).


Eric


On 3/9/2018 8:30 AM, Rvaught wrote:


Version .9.8e-33.el5_11

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 10:26 AM
*To:* qmailtoaster-list
*Subject:* Re: [qmailtoaster] Mail Failure

What version of openssl is on your host?

# rpm -qa | grep openssl

On 3/8/2018 11:22 AM, Rvaught wrote:

I am getting this failure when trying to send mail to one email
address.

The error is TLS connect failed: error 140770FC: SSL routing: SSL
3_GET_SERVER_HELLO: unknown protocol. It appears your server
wants a TLS or SSL connection or certificate.

I am running a qmail toaster on Centos 5.11.

How can I tell what version TLS I am using? The support person on
the other end says they do not accept version of  lower than TLS
1.1 or 1.2.

Thanks ,

Rick



--
Eric Broch
White Horse Technical Consulting (WHTC)


--
Eric Broch
White Horse Technical Consulting (WHTC)


--
Eric Broch
White Horse Technical Consulting (WHTC)

Re: [qmailtoaster] Mail Failure

2018-03-09 Thread Eric Broch 

That's the issue. TLSv1.1 & TLSv1.2 are only support in openssl-1.*

You could disable TLS for this email address 
(https://serverfault.com/questions/562234/disable-starttls-on-qmail-for-outgoing-messages).


Or, you could upgrade manually openssl on CentOS 5 
(https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/).


Eric


On 3/9/2018 8:30 AM, Rvaught wrote:


Version .9.8e-33.el5_11

*From:*Eric Broch [mailto:ebr...@whitehorsetc.com]
*Sent:* Friday, March 09, 2018 10:26 AM
*To:* qmailtoaster-list
*Subject:* Re: [qmailtoaster] Mail Failure

What version of openssl is on your host?

# rpm -qa | grep openssl

On 3/8/2018 11:22 AM, Rvaught wrote:

I am getting this failure when trying to send mail to one email
address.

The error is TLS connect failed: error 140770FC: SSL routing: SSL
3_GET_SERVER_HELLO: unknown protocol. It appears your server wants
a TLS or SSL connection or certificate.

I am running a qmail toaster on Centos 5.11.

How can I tell what version TLS I am using? The support person on
the other end says they do not accept version of  lower than TLS
1.1 or 1.2.

Thanks ,

Rick



--
Eric Broch
White Horse Technical Consulting (WHTC)


--
Eric Broch
White Horse Technical Consulting (WHTC)

RE: [qmailtoaster] Mail Failure

2018-03-09 Thread Rvaught 
Version .9.8e-33.el5_11

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, March 09, 2018 10:26 AM
To: qmailtoaster-list
Subject: Re: [qmailtoaster] Mail Failure

 

What version of openssl is on your host? 

# rpm -qa | grep openssl

 

On 3/8/2018 11:22 AM, Rvaught wrote:

 

I am getting this failure when trying to send mail to one email address.

 

The error is TLS connect failed: error 140770FC: SSL routing: SSL 
3_GET_SERVER_HELLO: unknown protocol. It appears your server wants a TLS or SSL 
connection or certificate.  

 

I am running a qmail toaster on Centos 5.11.

 

How can I tell what version TLS I am using? The support person on the other end 
says they do not accept version of  lower than TLS 1.1 or 1.2.

 

Thanks ,

Rick

 

 

 





-- 
Eric Broch
White Horse Technical Consulting (WHTC)