Eric Faurot <e...@faurot.net> wrote: > On Fri, May 07, 2021 at 01:42:52AM +0200, Markus Julen wrote: > > Hi all! > > > > Having just moved a small "outgoing only" mailserver to 6.9, I started to > > receive error messages: > > > > > 80008bb60b9428ed smtp connected address=X.X.X.X host=z.z.z > > > 80008bb60b9428ed smtp disconnected reason="io-error: handshake failed: > > > error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number" > > > > No filters, nothing, just plain smtpd. 6.8 worked flawlessly. > > > > Has anyone managed to tweak the "cipher" option to the "listen" directive? > > Any other options to try? > > > > Telling everyone to upgrade their mail client is probably no option as of > > now... > > Hello. > > Have a look at the tls_config_set_protocols(3) manpage for the protocols and > ciphers > options. You can try with something like: > > listen on ... tls protocols "legacy" ciphers "compat" > > Eric.
i got a similar error: > May 11 21:00:57 mail smtpd[54101]: 1dce957aa81938f4 smtp connected > address=65.55.52.250 host=co1gmehub09.msn.com > May 11 21:00:58 mail smtpd[62909]: dnsbl: 1dce957aa81938f4 not listed > May 11 21:00:58 mail smtpd[54101]: 1dce957aa81938f4 smtp disconnected > reason="io-error: handshake failed: error:140260C1:SSL > routines:ACCEPT_SR_CLNT_HELLO:no shared cipher" the "fix" from eric worked, i received the email, thanks! this is kind of funny, the email was from microsoft, i had to send them an email that they remove me from a block list cause apparently my neighbors aren't behaving peacefully and have sent some spam, so microsoft decided to block the whole network, which prevented me of sending emails to @hotmail.com addresses this is the third time i had to send them an email (first time was half a year ago, second time about 3 months ago, i am seeing a pattern here... enough with the anectodes) it seems like they are sending emails using some legacy ciphers?! before 6.9 i received these emails without any change in my smtpd.conf
