Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver
Michael Colvin wrote: If you won't want to pay $15, don't want to contact the other server's admin, or you can't just get that domain's hosting yourself, you might consider setting up another qmail server w/o tls, possibly on a virtual machine or something, and use smtproutes on your main server, to send to that "new" qmail server, that will then forward it to the current hosts server, without tls. Basically, build your own proxy server for this one domain...Seems like a waste of time, but it's better than $15 a month for someone elses proxy server. :-) I like the idea of just getting them to host with you instead, and point out why they should. As Eric said, it doesn't look like their current host knows what's up. Mike IIRC (haven't tried this in a long time, not sure of the patch has changed or not) if you remove either the servercert.pem or the tlsserverciphers file it should stop trying to use TLS. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver
That's $15/YR (for the record). That allows 150 emails per day. Pretty affordable, but then again, why spend it if you don't have to? Michael Colvin wrote: If you won't want to pay $15, don't want to contact the other server's admin, or you can't just get that domain's hosting yourself, you might consider setting up another qmail server w/o tls, possibly on a virtual machine or something, and use smtproutes on your main server, to send to that "new" qmail server, that will then forward it to the current hosts server, without tls. Basically, build your own proxy server for this one domain...Seems like a waste of time, but it's better than $15 a month for someone elses proxy server. :-) I like the idea of just getting them to host with you instead, and point out why they should. As Eric said, it doesn't look like their current host knows what's up. Mike -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert Sent: Friday, August 28, 2009 10:13 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver PakOgah wrote: My user complain cant sent email to domain pegasusinsurindo.com when I check on send log this is error 08-28 19:09:05 delivery 243: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:ssl v3_alert_handshake_failure;_connected_to_72.4.126.254./ already search on archive and google and only got this similar. http://www.thegillis.net/2007/04/07/mail-toaster-qmail-and-openssl-098e- workaround-and-fix/ but I am not using openssl 0.9.8e and from http://forum.parallels.com/printthread.php?t=52543 which I quote "Does anybody know of a way to prevent Qmail from attempting a STARTTLS when sending to a server advertising STARTTLS capability?" I am using centos 4.6 my toaster package is: [r...@server2 send]# rpm -qa | grep toaster libdomainkeys-toaster-0.68-1.3.3 courier-authlib-toaster-0.59.2-1.3.6 ezmlm-toaster-0.53.324-1.3.3 maildrop-toaster-2.0.3-1.3.5 squirrelmail-toaster-1.4.9a-1.3.6 simscan-toaster-1.3.1-1.3.6 daemontools-toaster-0.76-1.3.3 vpopmail-toaster-5.4.17-1.3.4 libsrs2-toaster-1.0.18-1.3.3 qmail-pop3d-toaster-1.03-1.3.15 courier-imap-toaster-4.1.2-1.3.7 control-panel-toaster-0.5-1.3.4 ezmlm-cgi-toaster-0.53.324-1.3.3 qmailmrtg-toaster-4.2-1.3.3 maildrop-toaster-devel-2.0.3-1.3.5 vqadmin-toaster-2.3.4-1.3.3 ripmime-toaster-1.4.0.6-1.3.3 qmailtoaster-plus.repo-0.1-1 spamassassin-toaster-3.2.5-1.3.17 ucspi-tcp-toaster-0.88-1.3.5 qmail-toaster-1.03-1.3.15 autorespond-toaster-2.0.4-1.3.3 qmailadmin-toaster-1.2.11-1.3.4 isoqlog-toaster-2.1-1.3.4 qmailtoaster-plus-0.3.1-1.4.11 clamav-toaster-0.95.2-1.3.29 my openssl version is [r...@server2 send]# rpm -qa | grep openssl openssl-0.9.7a-43.17.el4_6.1 xmlsec1-openssl-1.2.6-3 openssl096b-0.9.6b-22.46 openssl-devel-0.9.7a-43.17.el4_6.1 does anyone can execute the below command on his box? below output is the result on my end. openssl s_client -starttls smtp -crlf -connect mail.pegasusinsurindo.com:25 -debug CONNECTED(0003) read from 09D43330 [09D3E130] (8192 bytes => 55 (0x37)) - 32 32 30 20 32 33 39 31-35 32 2d 61 70 70 33 2e 220 239152- app3. 0010 - 32 33 39 31 35 32 2d 61-70 70 33 2e 64 6f 74 63 239152- app3.dotc 0020 - 6f 6d 69 6e 64 6f 6e 65-73 69 61 2e 63 6f 6d 20 omindonesia.com 0030 - 45 53 4d 54 50 0d 0a ESMTP.. write to 09D43330 [BFF73BD0] (10 bytes => 10 (0xA)) - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS.. read from 09D43330 [09D3C128] (8192 bytes => 19 (0x13)) - 32 32 30 20 72 65 61 64-79 20 66 6f 72 20 74 6c 220 ready for tl 0010 - 73 0d 0a s.. write to 09D43330 [09D43378] (142 bytes => 142 (0x8E)) - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ..c... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 ..3..2../.f. 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .c.. 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...@ 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`... 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 ab 56 ...V 0070 - b4 3f 80 e1 6e d6 38 38-43 99 98 8c ad 1b 79 96 .?..n.88C.y. 0080 - 16 c9 c5 80 d1 fe fc 46-7a 7b 15 fd e1 15 ...Fz{ read from 09D43330 [09D488D8] (7 bytes => 7 (0x7)) - 15 03 01 00 02 02 28 ..( 9078:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470: thanks before for the responde I get the same failure with CentOS5.3, all up to date packages. So upgrading isn't going to fix this. I don't believe this is a problem on your end, and I don't know of a workaround either.
RE: [qmailtoaster] TLS_connect_failed: Plesk mailserver
If you won't want to pay $15, don't want to contact the other server's admin, or you can't just get that domain's hosting yourself, you might consider setting up another qmail server w/o tls, possibly on a virtual machine or something, and use smtproutes on your main server, to send to that "new" qmail server, that will then forward it to the current hosts server, without tls. Basically, build your own proxy server for this one domain...Seems like a waste of time, but it's better than $15 a month for someone elses proxy server. :-) I like the idea of just getting them to host with you instead, and point out why they should. As Eric said, it doesn't look like their current host knows what's up. Mike > -Original Message- > From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert > Sent: Friday, August 28, 2009 10:13 AM > To: qmailtoaster-list@qmailtoaster.com > Subject: Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver > > PakOgah wrote: > > My user complain cant sent email to domain pegasusinsurindo.com > > when I check on send log this is error > > 08-28 19:09:05 delivery 243: deferral: > > > TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:ssl > v3_alert_handshake_failure;_connected_to_72.4.126.254./ > > > > > > already search on archive and google and only got this similar. > > http://www.thegillis.net/2007/04/07/mail-toaster-qmail-and-openssl-098e- > workaround-and-fix/ > > > > but I am not using openssl 0.9.8e > > > > and from http://forum.parallels.com/printthread.php?t=52543 > > which I quote "Does anybody know of a way to prevent Qmail from > > attempting a STARTTLS when sending to a server advertising STARTTLS > > capability?" > > > > I am using centos 4.6 > > my toaster package is: > > [r...@server2 send]# rpm -qa | grep toaster > > libdomainkeys-toaster-0.68-1.3.3 > > courier-authlib-toaster-0.59.2-1.3.6 > > ezmlm-toaster-0.53.324-1.3.3 > > maildrop-toaster-2.0.3-1.3.5 > > squirrelmail-toaster-1.4.9a-1.3.6 > > simscan-toaster-1.3.1-1.3.6 > > daemontools-toaster-0.76-1.3.3 > > vpopmail-toaster-5.4.17-1.3.4 > > libsrs2-toaster-1.0.18-1.3.3 > > qmail-pop3d-toaster-1.03-1.3.15 > > courier-imap-toaster-4.1.2-1.3.7 > > control-panel-toaster-0.5-1.3.4 > > ezmlm-cgi-toaster-0.53.324-1.3.3 > > qmailmrtg-toaster-4.2-1.3.3 > > maildrop-toaster-devel-2.0.3-1.3.5 > > vqadmin-toaster-2.3.4-1.3.3 > > ripmime-toaster-1.4.0.6-1.3.3 > > qmailtoaster-plus.repo-0.1-1 > > spamassassin-toaster-3.2.5-1.3.17 > > ucspi-tcp-toaster-0.88-1.3.5 > > qmail-toaster-1.03-1.3.15 > > autorespond-toaster-2.0.4-1.3.3 > > qmailadmin-toaster-1.2.11-1.3.4 > > isoqlog-toaster-2.1-1.3.4 > > qmailtoaster-plus-0.3.1-1.4.11 > > clamav-toaster-0.95.2-1.3.29 > > > > my openssl version is > > [r...@server2 send]# rpm -qa | grep openssl > > openssl-0.9.7a-43.17.el4_6.1 > > xmlsec1-openssl-1.2.6-3 > > openssl096b-0.9.6b-22.46 > > openssl-devel-0.9.7a-43.17.el4_6.1 > > > > > > > > does anyone can execute the below command on his box? below output is > > the result on my end. > > openssl s_client -starttls smtp -crlf -connect > > mail.pegasusinsurindo.com:25 -debug > > > > CONNECTED(0003) > > read from 09D43330 [09D3E130] (8192 bytes => 55 (0x37)) > > - 32 32 30 20 32 33 39 31-35 32 2d 61 70 70 33 2e 220 239152- > app3. > > 0010 - 32 33 39 31 35 32 2d 61-70 70 33 2e 64 6f 74 63 239152- > app3.dotc > > 0020 - 6f 6d 69 6e 64 6f 6e 65-73 69 61 2e 63 6f 6d 20 omindonesia.com > > 0030 - 45 53 4d 54 50 0d 0a ESMTP.. > > write to 09D43330 [BFF73BD0] (10 bytes => 10 (0xA)) > > - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS.. > > read from 09D43330 [09D3C128] (8192 bytes => 19 (0x13)) > > - 32 32 30 20 72 65 61 64-79 20 66 6f 72 20 74 6c 220 ready for > tl > > 0010 - 73 0d 0a s.. > > write to 09D43330 [09D43378] (142 bytes => 142 (0x8E)) > > - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ..c... > ..9.. > > 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 > 8..5 > > 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 > ..3..2../.f. > > 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 > .c.. > > 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 > b..a...@ > > 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 > ..e..d..`... >
Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver
PakOgah wrote: My user complain cant sent email to domain pegasusinsurindo.com when I check on send log this is error 08-28 19:09:05 delivery 243: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_72.4.126.254./ already search on archive and google and only got this similar. http://www.thegillis.net/2007/04/07/mail-toaster-qmail-and-openssl-098e-workaround-and-fix/ but I am not using openssl 0.9.8e and from http://forum.parallels.com/printthread.php?t=52543 which I quote "Does anybody know of a way to prevent Qmail from attempting a STARTTLS when sending to a server advertising STARTTLS capability?" I am using centos 4.6 my toaster package is: [r...@server2 send]# rpm -qa | grep toaster libdomainkeys-toaster-0.68-1.3.3 courier-authlib-toaster-0.59.2-1.3.6 ezmlm-toaster-0.53.324-1.3.3 maildrop-toaster-2.0.3-1.3.5 squirrelmail-toaster-1.4.9a-1.3.6 simscan-toaster-1.3.1-1.3.6 daemontools-toaster-0.76-1.3.3 vpopmail-toaster-5.4.17-1.3.4 libsrs2-toaster-1.0.18-1.3.3 qmail-pop3d-toaster-1.03-1.3.15 courier-imap-toaster-4.1.2-1.3.7 control-panel-toaster-0.5-1.3.4 ezmlm-cgi-toaster-0.53.324-1.3.3 qmailmrtg-toaster-4.2-1.3.3 maildrop-toaster-devel-2.0.3-1.3.5 vqadmin-toaster-2.3.4-1.3.3 ripmime-toaster-1.4.0.6-1.3.3 qmailtoaster-plus.repo-0.1-1 spamassassin-toaster-3.2.5-1.3.17 ucspi-tcp-toaster-0.88-1.3.5 qmail-toaster-1.03-1.3.15 autorespond-toaster-2.0.4-1.3.3 qmailadmin-toaster-1.2.11-1.3.4 isoqlog-toaster-2.1-1.3.4 qmailtoaster-plus-0.3.1-1.4.11 clamav-toaster-0.95.2-1.3.29 my openssl version is [r...@server2 send]# rpm -qa | grep openssl openssl-0.9.7a-43.17.el4_6.1 xmlsec1-openssl-1.2.6-3 openssl096b-0.9.6b-22.46 openssl-devel-0.9.7a-43.17.el4_6.1 does anyone can execute the below command on his box? below output is the result on my end. openssl s_client -starttls smtp -crlf -connect mail.pegasusinsurindo.com:25 -debug CONNECTED(0003) read from 09D43330 [09D3E130] (8192 bytes => 55 (0x37)) - 32 32 30 20 32 33 39 31-35 32 2d 61 70 70 33 2e 220 239152-app3. 0010 - 32 33 39 31 35 32 2d 61-70 70 33 2e 64 6f 74 63 239152-app3.dotc 0020 - 6f 6d 69 6e 64 6f 6e 65-73 69 61 2e 63 6f 6d 20 omindonesia.com 0030 - 45 53 4d 54 50 0d 0a ESMTP.. write to 09D43330 [BFF73BD0] (10 bytes => 10 (0xA)) - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS.. read from 09D43330 [09D3C128] (8192 bytes => 19 (0x13)) - 32 32 30 20 72 65 61 64-79 20 66 6f 72 20 74 6c 220 ready for tl 0010 - 73 0d 0a s.. write to 09D43330 [09D43378] (142 bytes => 142 (0x8E)) - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ..c... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 ..3..2../.f. 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .c.. 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...@ 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`... 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 ab 56 ...V 0070 - b4 3f 80 e1 6e d6 38 38-43 99 98 8c ad 1b 79 96 .?..n.88C.y. 0080 - 16 c9 c5 80 d1 fe fc 46-7a 7b 15 fd e1 15 ...Fz{ read from 09D43330 [09D488D8] (7 bytes => 7 (0x7)) - 15 03 01 00 02 02 28 ..( 9078:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470: thanks before for the responde I get the same failure with CentOS5.3, all up to date packages. So upgrading isn't going to fix this. I don't believe this is a problem on your end, and I don't know of a workaround either. You could try dyndns.org's outbound mailhop service ($15/yr). You would route mail for that domain via dyndns.org using smtproutes. Their mailhop servers might not fare any better though. I would contact the mail administrator at pegasus (dotcomindonesia.com) to see if you can't help with fixing their server. Better yet, offer to host pegasus's email for them, as their provider doesn't appear to have the most reliable system. ;) -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com