Mailing List Archive

Hello,

I've just tested the latest s/qmail version 4.1.08

I'm testing it with my test domain thibs.be (address thibs@thibs.be)

The e-mail I've send from Microsoft Office 365 was received

@400000006074623830a306e4 info msg 1574791: bytes 14713 from <XXX@XXX.YY> qp
23467 uid 7791
@400000006074623830a306e4 starting delivery 460: msg 1574791 to local
thibs.be-thibs@thibs.be
@400000006074623830a306e4 status: local 1/10 remote 0/20
@400000006074623831a0a894 delivery 460: success: did_0+0+1/
@400000006074623831a1a294 status: local 0/10 remote 0/20
@400000006074623831a21bac end msg 1574791

BUT even if it works, I got the error message "error: (111) unable to speak
TLS"

@400000006074623825d059ec sslserver: tls 23466 accept
TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384
@40000000607462382938835c qmail-smtpd: pid 23466
Accept::SPF::Rcpthosts_Rcptto P:ESMTPS
S:40.107.20.89:mail-db8eur05on2089.outbound.protection.outlook.com
H:EUR05-DB8-obe.outbound.protection.outlook.com F:XXXX@XXXX.eu
T:thibs@thibs.be
@40000000607462383049d6dc sslserver: error: (111) unable to speak TLS for
pid: 23466 DH lib
@4000000060746238304c112c sslserver: ended by 23463 status 28416
@4000000060746238304c1514 sslserver: status: 0/40/0

I had no compilation error and apparently everything was OK

Do you have an idea of what I could check to avoid this ?

Best Regards

Thibault


-----Message d'origine-----
De?: Erwin Hoffmann <feh@fehcom.de>
Envoy??: lundi 28 septembre 2020 22:29
??: sqmail list <sqmail@mail.fehcom.net>
Cc?: qmail list <qmail@list.cr.yp.to>
Objet?: s/qmail 4.0.10 .... final

Hi together,

those, who are interested in a GCC 10 compliant version of qmail may want to
download s/qmail-4.0.10:

https://www.fehcom.de/sqmail/sqmail.html

There are of course requirements to meet; in particular fehQlibs-15b.


Version s/qmail 4.1 is already under development and will provide native
TLSA/DANE and DKIM support.

Those, who are maintaining other qmail packages (in particular notqmail)
should have a look into the doxygen documentation for the given solutions.

Best regards.
--eh.


Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id 7E4034BE

Hi Thibault,

in general, these problems don't belong directly to s/qmail. They are a matter of the OpenSSL lib and their methods, which might be different between the two communicating instances.



> Am 12.04.2021 um 17:27 schrieb <thibs@thibs.com> <thibs@thibs.com>:
>
> Hello,
>
> I've just tested the latest s/qmail version 4.1.08
>
> I'm testing it with my test domain thibs.be (address thibs@thibs.be)
>
> The e-mail I've send from Microsoft Office 365 was received
>
> @400000006074623830a306e4 info msg 1574791: bytes 14713 from <XXX@XXX.YY> qp
> 23467 uid 7791
> @400000006074623830a306e4 starting delivery 460: msg 1574791 to local
> thibs.be-thibs@thibs.be
> @400000006074623830a306e4 status: local 1/10 remote 0/20
> @400000006074623831a0a894 delivery 460: success: did_0+0+1/
> @400000006074623831a1a294 status: local 0/10 remote 0/20
> @400000006074623831a21bac end msg 1574791
>
> BUT even if it works, I got the error message "error: (111) unable to speak
> TLS"
>
> @400000006074623825d059ec sslserver: tls 23466 accept
> TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384
> @40000000607462382938835c qmail-smtpd: pid 23466
> Accept::SPF::Rcpthosts_Rcptto P:ESMTPS
> S:40.107.20.89:mail-db8eur05on2089.outbound.protection.outlook.com
> H:EUR05-DB8-obe.outbound.protection.outlook.com F:XXXX@XXXX.eu
> T:thibs@thibs.be
> @40000000607462383049d6dc sslserver: error: (111) unable to speak TLS for
> pid: 23466 DH lib
> @4000000060746238304c112c sslserver: ended by 23463 status 28416
> @4000000060746238304c1514 sslserver: status: 0/40/0
>
> I had no compilation error and apparently everything was OK
>
> Do you have an idea of what I could check to avoid this ?

Seems, the other side has closed the communication prematurely AFTER the message was send (and acknowledged).
I also have seen those cases occasionally.

I would not worry about it too much. Check, whether this happens only for that particular MTA or more frequent.
The situation is however different, if you recognize this error while setting up the connection.

man sslserver provided some hints regarding *SSL error which I found over the last years.

regards.
--eh.



>
> Best Regards
>
> Thibault
>
>
> -----Message d'origine-----
> De : Erwin Hoffmann <feh@fehcom.de>
> Envoyé : lundi 28 septembre 2020 22:29
> À : sqmail list <sqmail@mail.fehcom.net>
> Cc : qmail list <qmail@list.cr.yp.to>
> Objet : s/qmail 4.0.10 .... final
>
> Hi together,
>
> those, who are interested in a GCC 10 compliant version of qmail may want to
> download s/qmail-4.0.10:
>
> https://www.fehcom.de/sqmail/sqmail.html
>
> There are of course requirements to meet; in particular fehQlibs-15b.
>
>
> Version s/qmail 4.1 is already under development and will provide native
> TLSA/DANE and DKIM support.
>
> Those, who are maintaining other qmail packages (in particular notqmail)
> should have a look into the doxygen documentation for the given solutions.
>
> Best regards.
> --eh.
>
>
> Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id 7E4034BE
>
>
>
>
>
>
>
>

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id 7E4034BE