Looks like some time on August 6, web.de changed something in the STARTTLS configuration of their mail system (possibly enabling it for the first time, as I don't see TLS info in headers of older mails), which was leading to SSL errors on my system, and mails were not being delivered:
Aug 6 14:17:49 sm-mta[20419]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1
Aug 6 14:17:49 sm-mta[20419]: STARTTLS=server: 20419:error:1409442F:SSL routines:SSL3_READ_BYTES:tlsv1 alert insufficient security:/usr/src/lib/libssl/src/ssl/s3_pkt.c:1061:SSL alert number 71
Aug 6 14:17:49 sm-mta[20419]: r76CHng2020419: mout.web.de [212.227.17.11] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Turns out other people ran into this problem too in the last couple of days, and there's a solution in this mail (cache): Pre-generating a DH parameters file for sendmail helps.
Use openssl to create a dhparam file:
openssl dhparam -out /etc/mail/sendmail.dh 1024
...then load it into sendmail by adding a confDH_PARAMETERS define to your .mc file:
define(`confDH_PARAMETERS',`/etc/mail/sendmail.dh')
...generate an updated sendmail configuration and restart the daemon.
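To find out which sending hosts are hitting this, the log pattern quoted above can be correlated on the sm-mta PID: a STARTTLS "insufficient security" alert followed by the same process logging a peer that left without sending mail. This is an added example, not part of the original post; the function names are made up here, and the fourth sample line (host.example, 192.0.2.10) is constructed so there is something that must not match.

```shell
#!/bin/sh
# Added example: list peers whose TLS handshake was aborted with
# "insufficient security" and who then disconnected without sending mail.

# Sample input: the three log lines from the post, plus one constructed line
# (PID 20500, placeholder host) for a disconnect with no TLS error.
sample_log() {
cat <<'EOF'
Aug 6 14:17:49 sm-mta[20419]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1
Aug 6 14:17:49 sm-mta[20419]: STARTTLS=server: 20419:error:1409442F:SSL routines:SSL3_READ_BYTES:tlsv1 alert insufficient security:/usr/src/lib/libssl/src/ssl/s3_pkt.c:1061:SSL alert number 71
Aug 6 14:17:49 sm-mta[20419]: r76CHng2020419: mout.web.de [212.227.17.11] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Aug 6 14:18:02 sm-mta[20500]: r76CI2aa020500: host.example [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
EOF
}

# Reads a sendmail log from stdin (or from the files given as arguments)
# and prints "COUNT HOST [IP]" per affected peer, most frequent first.
tls_rejected_peers() {
    awk '
    {
        # Find the "sm-mta[PID]:" tag wherever it sits, so lines with or
        # without a syslog hostname column both work.
        if (!match($0, /sm-mta\[[0-9]+\]:/)) next
        pid  = substr($0, RSTART + 7, RLENGTH - 9)
        rest = substr($0, RSTART + RLENGTH + 1)

        if (rest ~ /^STARTTLS=server/ && rest ~ /insufficient security/) {
            # The peer sent the TLS alert; remember the process that saw it.
            weak[pid] = 1
        } else if ((pid in weak) && rest ~ /did not issue MAIL\/EXPN\/VRFY\/ETRN/) {
            # rest is "QUEUEID: host [ip] did not issue ..."
            split(rest, f, " ")
            count[f[2] " " f[3]]++
            delete weak[pid]          # PIDs get reused; forget this one
        }
    }
    END { for (peer in count) print count[peer], peer }
    ' "$@" | sort -rn
}

sample_log | tls_rejected_peers
```

Run it against the live mail log before and after installing the DH parameters file; the affected peers should stop appearing once the new configuration is active.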