Re: Old clients fail to establish SSL Connection to 6.9

2021-05-11 Thread nathanael
Eric Faurot wrote:
> On Fri, May 07, 2021 at 01:42:52AM +0200, Markus Julen wrote:
> > Hi all!
> > 
> > Having just moved a small "outgoing only" mailserver to 6.9, I started to 
> > receive error messages:
> > 
> > > 80008bb60b9428ed smtp connected address=X.X.X.X host=z.z.z
> > > 80008bb60b9428ed smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
> > 
> > No filters, nothing, just plain smtpd. 6.8 worked flawlessly.
> > 
> > Has anyone managed to tweak the "cipher" option to the "listen" directive? 
> > Any other options to try?
> > 
> > Telling everyone to upgrade their mail client is probably no option as of 
> > now...
> 
> Hello.
> 
> Have a look at the tls_config_set_protocols(3) manpage for the protocols and
> ciphers options. You can try with something like:
> 
> listen on ... tls protocols "legacy" ciphers "compat"
> 
> Eric.

i got a similar error:

> May 11 21:00:57 mail smtpd[54101]: 1dce957aa81938f4 smtp connected address=65.55.52.250 host=co1gmehub09.msn.com
> May 11 21:00:58 mail smtpd[62909]: dnsbl: 1dce957aa81938f4 not listed
> May 11 21:00:58 mail smtpd[54101]: 1dce957aa81938f4 smtp disconnected reason="io-error: handshake failed: error:140260C1:SSL routines:ACCEPT_SR_CLNT_HELLO:no shared cipher"

the "fix" from eric worked, i received the email, thanks!

this is kind of funny, the email was from microsoft, i had to send
them an email that they remove me from a block list cause apparently
my neighbors aren't behaving peacefully and have sent some spam,
so microsoft decided to block the whole network, which prevented
me from sending emails to @hotmail.com addresses

this is the third time i had to send them an email (first time was
half a year ago, second time about 3 months ago, i am seeing a
pattern here... enough with the anecdotes)

it seems like they are sending emails using some legacy ciphers?!
before 6.9 i received these emails without any change in my smtpd.conf



Re: Old clients fail to establish SSL Connection to 6.9

2021-05-07 Thread Eric Faurot
On Fri, May 07, 2021 at 01:42:52AM +0200, Markus Julen wrote:
> Hi all!
> 
> Having just moved a small "outgoing only" mailserver to 6.9, I started to 
> receive error messages:
> 
> > 80008bb60b9428ed smtp connected address=X.X.X.X host=z.z.z
> > 80008bb60b9428ed smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
> 
> No filters, nothing, just plain smtpd. 6.8 worked flawlessly.
> 
> Has anyone managed to tweak the "cipher" option to the "listen" directive? 
> Any other options to try?
> 
> Telling everyone to upgrade their mail client is probably no option as of 
> now...

Hello.

Have a look at the tls_config_set_protocols(3) manpage for the protocols and
ciphers options. You can try with something like:

listen on ... tls protocols "legacy" ciphers "compat"

Eric.
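
Before relaxing `protocols` or `ciphers` on a listener, it helps to know which peers actually fail the handshake and why. The script below is an added example, not code from any poster in this thread or from OpenSMTPD. It tallies the two handshake errors quoted above per peer from smtpd log lines. The sample log is constructed, the function names are hypothetical, and the `reason=quit` line format and the option hints are assumptions.

```python
import re
from collections import Counter

CONNECT = re.compile(r'\b([0-9a-f]{16}) smtp connected address=(\S+) host=(\S+)')
FAILED = re.compile(r'\b([0-9a-f]{16}) smtp disconnected reason="io-error: handshake '
                    r'failed: error:[0-9A-Fa-f]+:SSL routines:[^:"]*:([^"]+)"')
CLOSED = re.compile(r'\b([0-9a-f]{16}) smtp disconnected\b')

# Assumption (not from the thread): the listen option each error most likely points at.
OPTION_HINT = {"wrong version number": "protocols", "no shared cipher": "ciphers"}

# Constructed sample modelled on the log lines quoted in this thread;
# session ids are made up and addresses are documentation ranges.
SAMPLE_LOG = """\
May 11 21:00:57 mail smtpd[54101]: aaaa000000000001 smtp connected address=192.0.2.10 host=mx.example.net
May 11 21:00:58 mail smtpd[62909]: dnsbl: aaaa000000000001 not listed
May 11 21:00:58 mail smtpd[54101]: aaaa000000000001 smtp disconnected reason="io-error: handshake failed: error:140260C1:SSL routines:ACCEPT_SR_CLNT_HELLO:no shared cipher"
aaaa000000000002 smtp connected address=198.51.100.7 host=old-client.example.org
aaaa000000000002 smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
May 11 21:05:01 mail smtpd[54101]: aaaa000000000003 smtp connected address=192.0.2.10 host=mx.example.net
May 11 21:05:02 mail smtpd[54101]: aaaa000000000003 smtp disconnected reason="io-error: handshake failed: error:140260C1:SSL routines:ACCEPT_SR_CLNT_HELLO:no shared cipher"
May 11 21:06:10 mail smtpd[54101]: aaaa000000000004 smtp connected address=203.0.113.5 host=ok.example.com
May 11 21:06:12 mail smtpd[54101]: aaaa000000000004 smtp disconnected reason=quit
May 11 21:07:00 mail smtpd[54101]: aaaa000000000005 smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
"""

def handshake_failures(lines):
    """Return (address, host, reason) per session whose TLS handshake failed."""
    peers, failures = {}, []
    for line in lines:
        if m := CONNECT.search(line):
            peers[m[1]] = (m[2], m[3])
        elif m := FAILED.search(line):
            # Correlate on the session id: the pid in the syslog tag varies.
            address, host = peers.pop(m[1], ("unknown", "unknown"))
            failures.append((address, host, m[2].strip()))
        elif m := CLOSED.search(line):
            peers.pop(m[1], None)  # clean disconnect, nothing to report
    return failures

def summarize(failures):
    """Count failures per (host, reason), most frequent first."""
    return Counter((host, reason) for _, host, reason in failures).most_common()

if __name__ == "__main__":
    for (host, reason), n in summarize(handshake_failures(SAMPLE_LOG.splitlines())):
        print(f"{n:3d} {host:<24} {reason} -> check {OPTION_HINT.get(reason, '?')}")
```

A failure whose connect line is missing (for example after log rotation) is reported with host `unknown` rather than dropped.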