The first cipher listed is the same one that qmail used with a successful transmission.

Looks to me from all of this that there is a bug in spamdyke with regard to that particular remote server software and TLS. I think this is the point where Sam can best continue helping to debug this situation. Sam?

--
-Eric 'shubes'

On 06/08/2011 11:23 AM, ron wrote:
> # rpm -q openssl
> openssl-0.9.8e-12.el5_5.7
>
> # openssl ciphers
> DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5
>
> On 6/8/2011 2:19 PM, Eric Shubert wrote:
>> On 06/08/2011 10:59 AM, Eric Shubert wrote:
>>> On 06/08/2011 10:19 AM, ron wrote:
>>>> Received: from unknown (HELO mail-out-01.healthways.com) (64.58.208.13)
>>>> by mail2.nsii.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun
>>>> 2011 16:48:56 -0000
>>> I'm not familiar enough with TLS to know exactly what DHE-RSA-AES256-SHA
>>> is, but it appears that qmail is working with TLS and no spamdyke.
>>>
>>> Perhaps there is something errant in spamdyke's implementation of this
>>> particular combination of encryption options?
>>>
>>> I think it's time for Sam to have a look at this.
>>>
>> Just re-read
>> http://www.spamdyke.org/documentation/README.html#TLS:
>> "Rarely, some situations will require specifying the list of encryption
>> algorithms (ciphers) to be used during TLS. In those cases, the
>> tls-cipher-list option can be used to pass a list of ciphers in the
>> format expected by the OpenSSL library. The vast majority of spamdyke
>> installations will not need this option -- the default list of ciphers
>> is usually fine. To see the full list of available ciphers, run the
>> command openssl ciphers."
>>
>> The default value for the tls-cipher-list option is unfortunately
>> not listed. I wonder, is this a spamdyke default, or the openssl
>> default? Sam?
>>
>> Ron, what do you get from:
>> # rpm -q openssl
>> # openssl ciphers
>> ?
