Hi :-) These days, when the NSA is watching us, I decided to make my server as secure as possible. For qmail that means using TLS with strong encryption - openssl with "- ciphers "EDHS:DE" for example.
The original QMAIL without spamdyke works fine:

    openssl s_client -starttls smtp -connect localhost:25

shows me this:

    Protocol : TLSv1.2
    Cipher : DHE-RSA-AES256-GCM-SHA384

Great! Now I enable spamdyke and test it again...

    Protocol : TLSv1.2
    Cipher : AES256-GCM-SHA384

OK, not that good... maybe just a wrong cipher list? So I specified it a little bit more (works fine with qmail only):

    openssl s_client -starttls smtp -connect localhost:25 -cipher 'DH'

Oops, an error:

    CONNECTED(00000003)
    139820346807976:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:

I already tried to add "dhparam" to the qmail servercert (mentioned here http://permalink.gmane.org/gmane.mail.spam.spamdyke.user/3226 ) but that didn't change anything... I also tested with the "tls-cipher-list" param in the conf file - same error. And in the maillog this:

    A protocol or library failure occurred, error:140E6118:lib(20):func(230):reason(280)

Is it possible that there's a bug in spamdyke with strong encryption?

Thanks for your help,
Marc
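Added example, not part of Marc's post and not spamdyke or qmail code: a shell check that reads `openssl s_client` output and reports whether the negotiated cipher uses an ephemeral (forward-secret) key exchange. The function names are hypothetical and the sample inputs are constructed, modelled on the three results quoted in the post.

```sh
#!/bin/sh
# Added example: report whether the cipher negotiated in `openssl s_client`
# output uses an ephemeral (forward-secret) key exchange.
# Live use, with the command from the post:
#   openssl s_client -starttls smtp -connect localhost:25 </dev/null 2>&1 | check_s_client

# Print the cipher from the "Cipher    : NAME" line of the SSL-Session block.
cipher_from_s_client() {
    sed -n 's/^[[:space:]]*Cipher[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# Map an OpenSSL cipher name to a key-exchange class.
classify_cipher() {
    case "$1" in
        ''|0000|'(NONE)')     echo "no-session" ;;          # handshake failed
        TLS_*)                echo "forward-secret" ;;      # TLS 1.3 suites
        ECDHE-*|DHE-*|EDH-*)  echo "forward-secret" ;;      # ephemeral (EC)DH
        ADH-*|AECDH-*)        echo "anonymous" ;;           # no server authentication
        *)                    echo "not-forward-secret" ;;  # e.g. static RSA key exchange
    esac
}

# Read s_client output on stdin; succeed only for a forward-secret session.
check_s_client() {
    cipher=$(cipher_from_s_client)
    class=$(classify_cipher "$cipher")
    echo "${cipher:-none} $class"
    [ "$class" = "forward-secret" ]
}

# Constructed sample inputs, modelled on the three results quoted in the post.
sample_qmail_only() {
    printf '%s\n' 'SSL-Session:' '    Protocol  : TLSv1.2' \
        '    Cipher    : DHE-RSA-AES256-GCM-SHA384'
}
sample_with_spamdyke() {
    printf '%s\n' 'SSL-Session:' '    Protocol  : TLSv1.2' \
        '    Cipher    : AES256-GCM-SHA384'
}
sample_dh_only_failure() {
    printf '%s\n' 'CONNECTED(00000003)' \
        '139820346807976:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:'
}

for s in sample_qmail_only sample_with_spamdyke sample_dh_only_failure; do
    "$s" | check_s_client || echo "  -> $s: no forward secrecy"
done
```

The non-zero exit status for anything other than a forward-secret session lets the check run from cron or a monitoring hook after each configuration change.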
