Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver

2009-08-29 Thread Jake Vickers

Michael Colvin wrote:

> If you don't want to pay $15, don't want to contact the other server's
> admin, or you can't just get that domain's hosting yourself, you might
> consider setting up another qmail server w/o tls, possibly on a virtual
> machine or something, and use smtproutes on your main server, to send to
> that "new" qmail server, that will then forward it to the current host's
> server, without tls.
>
> Basically, build your own proxy server for this one domain... Seems like a
> waste of time, but it's better than $15 a month for someone else's proxy
> server.  :-)
>
> I like the idea of just getting them to host with you instead, and point out
> why they should.  As Eric said, it doesn't look like their current host
> knows what's up.
>
> Mike

IIRC (haven't tried this in a long time, not sure if the patch has
changed or not) if you remove either the servercert.pem or the
tlsserverciphers file it should stop trying to use TLS.



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver

2009-08-28 Thread Eric Shubert
That's $15/YR (for the record). That allows 150 emails per day. Pretty 
affordable, but then again, why spend it if you don't have to?


Michael Colvin wrote:

> If you don't want to pay $15, don't want to contact the other server's
> admin, or you can't just get that domain's hosting yourself, you might
> consider setting up another qmail server w/o tls, possibly on a virtual
> machine or something, and use smtproutes on your main server, to send to
> that "new" qmail server, that will then forward it to the current host's
> server, without tls.
>
> Basically, build your own proxy server for this one domain... Seems like a
> waste of time, but it's better than $15 a month for someone else's proxy
> server.  :-)
>
> I like the idea of just getting them to host with you instead, and point out
> why they should.  As Eric said, it doesn't look like their current host
> knows what's up.
>
> Mike




RE: [qmailtoaster] TLS_connect_failed: Plesk mailserver

2009-08-28 Thread Michael Colvin
If you don't want to pay $15, don't want to contact the other server's
admin, or you can't just get that domain's hosting yourself, you might
consider setting up another qmail server w/o tls, possibly on a virtual
machine or something, and use smtproutes on your main server, to send to
that "new" qmail server, that will then forward it to the current host's
server, without tls.

Basically, build your own proxy server for this one domain... Seems like a
waste of time, but it's better than $15 a month for someone else's proxy
server.  :-)

I like the idea of just getting them to host with you instead, and point out
why they should.  As Eric said, it doesn't look like their current host
knows what's up.


Mike


> -Original Message-
> From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
> Sent: Friday, August 28, 2009 10:13 AM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver
> 
> PakOgah wrote:
> > My user complains they can't send email to domain pegasusinsurindo.com
> > when I check the send log this is the error
> > 08-28 19:09:05 delivery 243: deferral:
> > TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_72.4.126.254./
> >
> > I already searched the archive and Google and only found this similar one.
> > http://www.thegillis.net/2007/04/07/mail-toaster-qmail-and-openssl-098e-workaround-and-fix/
> >
> > but I am not using openssl 0.9.8e
> >
> > and from http://forum.parallels.com/printthread.php?t=52543
> > which I quote "Does anybody know of a way to prevent Qmail from
> > attempting a STARTTLS when sending to a server advertising STARTTLS
> > capability?"
> >
> > I am using centos 4.6
> > my toaster package is:
> > [r...@server2 send]# rpm -qa | grep toaster
> > libdomainkeys-toaster-0.68-1.3.3
> > courier-authlib-toaster-0.59.2-1.3.6
> > ezmlm-toaster-0.53.324-1.3.3
> > maildrop-toaster-2.0.3-1.3.5
> > squirrelmail-toaster-1.4.9a-1.3.6
> > simscan-toaster-1.3.1-1.3.6
> > daemontools-toaster-0.76-1.3.3
> > vpopmail-toaster-5.4.17-1.3.4
> > libsrs2-toaster-1.0.18-1.3.3
> > qmail-pop3d-toaster-1.03-1.3.15
> > courier-imap-toaster-4.1.2-1.3.7
> > control-panel-toaster-0.5-1.3.4
> > ezmlm-cgi-toaster-0.53.324-1.3.3
> > qmailmrtg-toaster-4.2-1.3.3
> > maildrop-toaster-devel-2.0.3-1.3.5
> > vqadmin-toaster-2.3.4-1.3.3
> > ripmime-toaster-1.4.0.6-1.3.3
> > qmailtoaster-plus.repo-0.1-1
> > spamassassin-toaster-3.2.5-1.3.17
> > ucspi-tcp-toaster-0.88-1.3.5
> > qmail-toaster-1.03-1.3.15
> > autorespond-toaster-2.0.4-1.3.3
> > qmailadmin-toaster-1.2.11-1.3.4
> > isoqlog-toaster-2.1-1.3.4
> > qmailtoaster-plus-0.3.1-1.4.11
> > clamav-toaster-0.95.2-1.3.29
> >
> > my openssl version is
> > [r...@server2 send]# rpm -qa | grep openssl
> > openssl-0.9.7a-43.17.el4_6.1
> > xmlsec1-openssl-1.2.6-3
> > openssl096b-0.9.6b-22.46
> > openssl-devel-0.9.7a-43.17.el4_6.1
> >
> >
> >
> > Can anyone execute the command below on his box? The output below is
> > the result on my end.
> > openssl s_client -starttls smtp -crlf -connect mail.pegasusinsurindo.com:25 -debug

Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver

2009-08-28 Thread Eric Shubert

PakOgah wrote:

> My user complains they can't send email to domain pegasusinsurindo.com
> when I check the send log this is the error
> 08-28 19:09:05 delivery 243: deferral:
> TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:sslv3_alert_handshake_failure;_connected_to_72.4.126.254./
>
> I already searched the archive and Google and only found this similar one.
> http://www.thegillis.net/2007/04/07/mail-toaster-qmail-and-openssl-098e-workaround-and-fix/
>
> but I am not using openssl 0.9.8e
>
> and from http://forum.parallels.com/printthread.php?t=52543
> which I quote "Does anybody know of a way to prevent Qmail from
> attempting a STARTTLS when sending to a server advertising STARTTLS
> capability?"
>
> I am using centos 4.6
> my toaster package is:
> [r...@server2 send]# rpm -qa | grep toaster
> libdomainkeys-toaster-0.68-1.3.3
> courier-authlib-toaster-0.59.2-1.3.6
> ezmlm-toaster-0.53.324-1.3.3
> maildrop-toaster-2.0.3-1.3.5
> squirrelmail-toaster-1.4.9a-1.3.6
> simscan-toaster-1.3.1-1.3.6
> daemontools-toaster-0.76-1.3.3
> vpopmail-toaster-5.4.17-1.3.4
> libsrs2-toaster-1.0.18-1.3.3
> qmail-pop3d-toaster-1.03-1.3.15
> courier-imap-toaster-4.1.2-1.3.7
> control-panel-toaster-0.5-1.3.4
> ezmlm-cgi-toaster-0.53.324-1.3.3
> qmailmrtg-toaster-4.2-1.3.3
> maildrop-toaster-devel-2.0.3-1.3.5
> vqadmin-toaster-2.3.4-1.3.3
> ripmime-toaster-1.4.0.6-1.3.3
> qmailtoaster-plus.repo-0.1-1
> spamassassin-toaster-3.2.5-1.3.17
> ucspi-tcp-toaster-0.88-1.3.5
> qmail-toaster-1.03-1.3.15
> autorespond-toaster-2.0.4-1.3.3
> qmailadmin-toaster-1.2.11-1.3.4
> isoqlog-toaster-2.1-1.3.4
> qmailtoaster-plus-0.3.1-1.4.11
> clamav-toaster-0.95.2-1.3.29
>
> my openssl version is
> [r...@server2 send]# rpm -qa | grep openssl
> openssl-0.9.7a-43.17.el4_6.1
> xmlsec1-openssl-1.2.6-3
> openssl096b-0.9.6b-22.46
> openssl-devel-0.9.7a-43.17.el4_6.1
>
> Can anyone execute the command below on his box? The output below is
> the result on my end.
> openssl s_client -starttls smtp -crlf -connect mail.pegasusinsurindo.com:25 -debug
>
> CONNECTED(0003)
> read from 09D43330 [09D3E130] (8192 bytes => 55 (0x37))
>  - 32 32 30 20 32 33 39 31-35 32 2d 61 70 70 33 2e   220 239152-app3.
> 0010 - 32 33 39 31 35 32 2d 61-70 70 33 2e 64 6f 74 63   239152-app3.dotc
> 0020 - 6f 6d 69 6e 64 6f 6e 65-73 69 61 2e 63 6f 6d 20   omindonesia.com
> 0030 - 45 53 4d 54 50 0d 0a  ESMTP..
> write to 09D43330 [BFF73BD0] (10 bytes => 10 (0xA))
>  - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS..
> read from 09D43330 [09D3C128] (8192 bytes => 19 (0x13))
>  - 32 32 30 20 72 65 61 64-79 20 66 6f 72 20 74 6c   220 ready for tl
> 0010 - 73 0d 0a  s..
> write to 09D43330 [09D43378] (142 bytes => 142 (0x8E))
>  - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ..c... ..9..
> 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5
> 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.f.
> 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .c..
> 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...@
> 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`...
> 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 ab 56   ...V
> 0070 - b4 3f 80 e1 6e d6 38 38-43 99 98 8c ad 1b 79 96   .?..n.88C.y.
> 0080 - 16 c9 c5 80 d1 fe fc 46-7a 7b 15 fd e1 15 ...Fz{
> read from 09D43330 [09D488D8] (7 bytes => 7 (0x7))
>  - 15 03 01 00 02 02 28  ..(
> 9078:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470:
>
> Thanks in advance for the response



I get the same failure with CentOS5.3, all up to date packages. So 
upgrading isn't going to fix this.


I don't believe this is a problem on your end, and I don't know of a 
workaround either.


You could try dyndns.org's outbound mailhop service ($15/yr). You would 
route mail for that domain via dyndns.org using smtproutes. Their 
mailhop servers might not fare any better though.


I would contact the mail administrator at pegasus (dotcomindonesia.com) 
to see if you can't help with fixing their server. Better yet, offer to 
host pegasus's email for them, as their provider doesn't appear to have 
the most reliable system. ;)


--
-Eric 'shubes'
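
Added example (not part of the original thread and not qmailtoaster or OpenSSL code): the two handshake records from the s_client -debug dump quoted above, decoded in Python. The field layouts follow the SSLv2 ClientHello format and the TLS alert protocol; the function and constant names are illustrative.

```python
import struct

# Bytes copied from the `openssl s_client -debug` dump quoted in this thread.
CLIENT_HELLO = bytes.fromhex(  # the 142-byte write after "220 ready for tls"
    "808c0103010063000000200000390000" "3800003500001600001300000a0700c0"
    "00003300003200002f03008000006600" "00050000040100800800800000630000"
    "62000061000015000012000009060040" "00006500006400006000001400001100"
    "0008000006040080000003020080ab56" "b43f80e16ed638384399988cad1b7996"
    "16c9c580d1fefc467a7b15fde115"
)
SERVER_REPLY = bytes.fromhex("15030100020228")  # the 7-byte read that follows

ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 10: "unexpected_message",
              40: "handshake_failure", 70: "protocol_version"}

def parse_sslv2_client_hello(buf):
    """Decode an SSLv2-format ClientHello (2-byte record header, high bit set)."""
    if len(buf) < 11 or not buf[0] & 0x80:
        raise ValueError("not an SSLv2 record with a 2-byte header")
    rec_len = ((buf[0] & 0x7F) << 8) | buf[1]
    msg_type, major, minor, spec_len, sid_len, chal_len = struct.unpack(
        ">BBBHHH", buf[2:11])
    body_len = 9 + spec_len + sid_len + chal_len
    if msg_type != 1 or spec_len % 3 or rec_len != body_len or len(buf) != 2 + rec_len:
        raise ValueError("malformed or truncated ClientHello")
    specs = [buf[i:i + 3] for i in range(11, 11 + spec_len, 3)]
    return {
        "max_version": (major, minor),  # (3, 1) means TLS 1.0
        "tls_suites": [s[1] << 8 | s[2] for s in specs if s[0] == 0],
        "sslv2_specs": [s.hex() for s in specs if s[0] != 0],
        "challenge_len": chal_len,
    }

def parse_alert(buf):
    """Decode a single unencrypted SSLv3/TLS alert record."""
    if len(buf) != 7:
        raise ValueError("expected a 5-byte header plus a 2-byte alert")
    ctype, major, minor, length, level, desc = struct.unpack(">BBBHBB", buf)
    if ctype != 21 or length != 2:
        raise ValueError("not an alert record")
    return {
        "version": (major, minor),
        "level": ALERT_LEVEL.get(level, f"unknown({level})"),
        "description": ALERT_DESC.get(desc, f"unknown({desc})"),
    }

if __name__ == "__main__":
    print(parse_sslv2_client_hello(CLIENT_HELLO), parse_alert(SERVER_REPLY))
```

The decode shows the client sent an SSLv2-compatible hello offering up to TLS 1.0 with 26 SSLv3/TLS suites and 7 SSLv2-only specs, and the server answered with a fatal handshake_failure alert (description 40), which is the same error text that appears in the qmail send log.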

