
SysAdmin Blog

mout.web.de did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Alexander Bochmann Saturday 17 of August, 2013
Looks like some time on August 6, web.de changed something in the STARTTLS configuration of their mail system (possibly enabling it for the first time, as I don't see TLS info in headers of older mails), which was leading to SSL errors on my system, and mails were not being delivered:

Aug  6 14:17:49 sm-mta[20419]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1
Aug  6 14:17:49 sm-mta[20419]: STARTTLS=server: 20419:error:1409442F:SSL routines:SSL3_READ_BYTES:tlsv1 alert insufficient security:/usr/src/lib/libssl/src/ssl/s3_pkt.c:1061:SSL alert number 71
Aug  6 14:17:49 sm-mta[20419]: r76CHng2020419: mout.web.de [212.227.17.11] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Turns out other people ran into this problem too in the last couple of days, and there's a solution in this mail (cache): Pre-generating a DH parameters file for sendmail helps.

Use openssl to create a DH parameters file:

openssl dhparam -out /etc/mail/sendmail.dh 1024

...then load it into sendmail by adding a confDH_PARAMETERS define to your .mc file:

define(`confDH_PARAMETERS',`/etc/mail/sendmail.dh')

...generate an updated sendmail configuration and restart the daemon.
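
To see which peers are hitting this failure, before the change and again afterwards, the log pattern quoted above can be correlated per sm-mta process ID. This is an added example, not part of the original post: the function name is hypothetical, and only the first three sample lines come from the post, the rest are constructed.

```python
import re
from collections import Counter

# First three lines are the ones quoted in the post; the remaining lines are
# constructed for this example (documentation-range addresses, made-up queue IDs).
SAMPLE_LOG = """\
Aug  6 14:17:49 sm-mta[20419]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1
Aug  6 14:17:49 sm-mta[20419]: STARTTLS=server: 20419:error:1409442F:SSL routines:SSL3_READ_BYTES:tlsv1 alert insufficient security:/usr/src/lib/libssl/src/ssl/s3_pkt.c:1061:SSL alert number 71
Aug  6 14:17:49 sm-mta[20419]: r76CHng2020419: mout.web.de [212.227.17.11] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Aug  6 14:20:02 sm-mta[20500]: r76CK1aa020500: mx.example.org [192.0.2.25] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Aug  6 14:21:10 sm-mta[20533]: STARTTLS=server: 20533:error:1409442F:SSL routines:SSL3_READ_BYTES:tlsv1 alert insufficient security:s3_pkt.c:1061:SSL alert number 71
Aug  6 14:21:10 sm-mta[20533]: r76CLAbb020533: mail.example.net [198.51.100.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Aug  6 14:25:31 sm-mta[20600]: STARTTLS=server: 20600:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1061:SSL alert number 40
Aug  6 14:25:31 sm-mta[20600]: r76CPVcc020600: mx2.example.org [203.0.113.9] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

# Works with or without a syslog hostname field in front of "sm-mta[pid]:".
LINE = re.compile(r"sm-mta\[(?P<pid>\d+)\]: (?P<msg>.*)")
ALERT = re.compile(r"STARTTLS=server.*SSL alert number (?P<num>\d+)")
DROPPED = re.compile(r"^\S+: (?P<peer>.+?) did not issue MAIL/EXPN/VRFY/ETRN")


def peers_failing_tls(log_text, alert="71"):
    """Count peers whose session ended without mail right after the given
    TLS alert was logged for the same sm-mta process (71 is the TLS
    insufficient_security alert)."""
    pending = set()      # PIDs that logged the alert and have not ended yet
    hits = Counter()     # "host [ip]" -> number of failed sessions
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        a = ALERT.search(msg)
        if a:
            if a["num"] == alert:
                pending.add(pid)
            continue
        d = DROPPED.match(msg)
        if d:
            # A "did not issue" line alone is often just a probe; count it
            # only when the same process logged the TLS alert first.
            if pid in pending:
                hits[d["peer"]] += 1
            pending.discard(pid)   # session over, PID may be reused later
    return hits


if __name__ == "__main__":
    for peer, count in peers_failing_tls(SAMPLE_LOG).items():
        print(count, peer)
```
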