Marcus MERIGHI <[email protected]> writes:
> Hello,
Hi,
> frankenstein warning: stable.mtier.org, all patches applied
>
> the mail server in question doesn't deliver to a certain destination
> ("Network error on destination MXs"). Other destinations work. When I
> connect manually I can send messages via the destination server. But no
> TLS involved this way. SMTP greeting of destination server:
>
> $ nc 216.55.105.124 25
> 220 mobile-systems.at ESMTP Sendmail 8.14.5/8.13.4; Mon, 30 Mar 2015
> 13:12:39 +0200 (CEST)
>
> log entries on originating server:
>
> Mar 30 13:11:18 frax smtpd[28031]: smtp-out: Connecting to
> smtp+tls://216.55.105.124:25 (216.55.105.124.hera.net) on session
> 23d6e647b646bf14...
> Mar 30 13:11:18 frax smtpd[28031]: smtp-out: Connected on session
> 23d6e647b646bf14
> Mar 30 13:11:24 frax smtpd[28031]: smtp-out: Error on session
> 23d6e647b646bf14: IO Error: error:1408D06E:SSL
> routines:SSL3_GET_KEY_EXCHANGE:bad dh p length
> Mar 30 13:11:24 frax smtpd[28031]: smtp-out: Disabling route [] <->
> 216.55.105.124 (216.55.105.124.hera.net) for 800s
> Mar 30 13:11:24 frax smtpd[28031]: smtp-out: No valid route for
> [connector:[]->[relay:yyy.at,heloname=mail.xxx.at],0x0]
> Mar 30 13:11:24 frax smtpd[28031]: smtp-out: No valid route for
> [connector:[]->[relay:yyy.at,heloname=mail.xxx.at],0x0]
>
> I guess it's about the line:
>
> Error on session 23d6e647b646bf14: IO Error: error:1408D06E:SSL
> routines:SSL3_GET_KEY_EXCHANGE:bad dh p length
>
> Any hints on what's going wrong here?
This is likely due to /usr/src/lib/libssl/src/ssl/s3_clnt.c rev 1.108,
rev 1.85.2.1 on branch OPENBSD_5_6.
> Any hints on how to solve or work around?
Try suggesting to the mobile-systems.at folks that they use bigger DH
params? (512 -> >= 1024 bits)
> Thanks in advance, Marcus
>
> P.S.: is [email protected] dead?
The last mail I received from this list was 22 hours ago.
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
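
The check behind "bad dh p length", sketched as an added example (not part of the original thread and not the libssl code): it reads the `dh_p`, `dh_g`, `dh_Ys` vectors of a DHE ServerKeyExchange body as laid out in RFC 5246 and applies the 1024-bit floor mentioned in the reply. The function names and the sample bodies are assumptions made for illustration.

```python
import struct

MIN_DH_P_BITS = 1024  # assumption: floor taken from the reply above (">= 1024 bits")


class BadDHParams(ValueError):
    pass


def _read_vec16(buf, off):
    """Read one opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise BadDHParams("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise BadDHParams("empty or truncated vector")
    return buf[off:off + n], off + n


def dh_p_bits(ske_body):
    """Return the bit length of dh_p; dh_g and dh_Ys are parsed to validate framing."""
    p, off = _read_vec16(ske_body, 0)
    _g, off = _read_vec16(ske_body, off)
    _ys, off = _read_vec16(ske_body, off)
    # Leading zero bytes do not count: measure the integer, not the buffer.
    return int.from_bytes(p, "big").bit_length()


def check_dh_p(ske_body, min_bits=MIN_DH_P_BITS):
    """Return the size of p, or raise if the server offered a group that is too small."""
    bits = dh_p_bits(ske_body)
    if bits < min_bits:
        raise BadDHParams(f"bad dh p length: {bits} bits < {min_bits}")
    return bits


def make_ske(p_bits):
    """Constructed sample body; p has the requested size but is NOT a real prime."""
    p = ((1 << (p_bits - 1)) | 1).to_bytes(p_bits // 8, "big")
    ys = b"\x01" * (p_bits // 8)
    return b"".join(struct.pack("!H", len(v)) + v for v in (p, b"\x02", ys))


if __name__ == "__main__":
    for size in (512, 1024, 2048):
        try:
            print(size, "accepted:", check_dh_p(make_ske(size)))
        except BadDHParams as e:
            print(size, "rejected:", e)
```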