Is it somehow possible to make Sendmail (version 8.15.2-14~deb10u1) "speak" TLSv1.0 without changing the system default values in /etc/ssl/openssl.cnf (which will be MinProtocol = TLSv1.2 for my system)? I tried the following in /etc/mail/sendmail.mc, which doesn't help:

LOCAL_CONFIG
O CipherList=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

Unfortunately Sendmail still gives me the following error message in /var/log/mail.log:

Dec 24 12:29:18 hostname sm-mta[32517]: 0BN3RTsR012399: to=<info@example.com>, ctladdr=<www-data@my-host.com> (33/33), delay=1+08:01:48, xdelay=00:00:01, mailer=esmtp, pri=18123759, relay=mx01.goneo.de. [82.100.220.161], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.

Any help will be highly appreciated.

manifestor
    Standard initial dumb checks: 1) Have you generated new sendmail.cf? 2) Have you restarted or HUPed sendmail daemon after sendmail.cf change? [Sorry but it statistically does pay to ask] – AnFi Dec 24 '20 at 12:34
    @AnFi yes I did :) no worries, this needs to be asked – manifestor Dec 25 '20 at 12:30

0 Answers