Is it somehow possible to make Sendmail (version 8.15.2-14~deb10u1
) "speak" TLSv1.0 without changing the system default values in /etc/ssl/openssl.cnf
(which will be MinProtocol = TLSv1.2
for my system)? I tried the following in /etc/mail/sendmail.mc
, which doesn't help:
LOCAL_CONFIG
O CipherList=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
Unfortunately Sendmail still gives me the following error message in /var/log/mail.log
:
Dec 24 12:29:18 hostname sm-mta[32517]: 0BN3RTsR012399: to=<info@example.com>, ctladdr=<www-data@my-host.com> (33/33), delay=1+08:01:48, xdelay=00:00:01, mailer=esmtp, pri=18123759, relay=mx01.goneo.de. [82.100.220.161], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
Any help will be highly appreciated.