Re: Exim, DH, GnuTLS & interop fix with older mail clients

  • Robert Schetterer
    Message 1 of 5 , Sep 7, 2013
      On 07.09.2013 17:43, Robert Schetterer wrote:
      > On 07.09.2013 16:43, Viktor Dukhovni wrote:
      >> On Sat, Sep 07, 2013 at 08:30:47AM +0200, Robert Schetterer wrote:
      >>
      >>> # openssl dhparam -out dh2048.pem 2048
      >>> # postconf -e 'smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem'
      >>> ...
      >>>
      >>> I had some report from one customer with Netscape 7 (very old mail
      >>> client) that he can't connect anymore via port 465 by SSL failures,
      >>> which I can see in the logs too.
      >>>
      >>> Does this sound plausible?
      >>
      >> Definitely. Ancient software may not be able to handle 2048-bit EDH.
      >> Fortunately, as Wietse points out, there is a simple work-around,
      >> deploy a different dhparam file on ports 465 and 587.
      >>
      >> # openssl dhparam -out dh1024.pem 1024
      >> # postconf -e 'submission_tls_dh1024_param_file = ${config_directory}/dh1024.pem'
      >>
      >> Then in master.cf:
      >>
      >> 465 inet n ... smtpd
      >>     -o smtpd_tls_wrappermode=yes
      >>     -o smtpd_tls_dh1024_param_file=$submission_tls_dh1024_param_file
      >>     ...
      >> 587 inet n ... smtpd
      >>     -o smtpd_tls_dh1024_param_file=$submission_tls_dh1024_param_file
      >>     ...
      >>
      >
      > I thought that way too,
      >
      > and did it that way before reading this post, so I am waiting now for
      > a report back from the user

      So as awaited, it was reported everything is working again, thx for help.

      >
      >
      >
      > Best Regards
      > MfG Robert Schetterer
      >



      Best Regards
      MfG Robert Schetterer

      --
      [*] sys4 AG

      http://sys4.de, +49 (89) 30 90 46 64
      Franziskanerstraße 15, 81669 München

      Registered office: München, District Court München: HRB 199263
      Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
      Chairman of the supervisory board: Florian Kirstein
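
Added example (not part of the original thread): a small shell check that confirms which ephemeral DH size each listener negotiates after the per-port dhparam split described above. It parses the `Server Temp Key` line of `openssl s_client` output; the sample outputs are constructed and `mail.example.com` is a placeholder.

```shell
#!/bin/sh
# Added example: check which ephemeral DH size a listener negotiated.
# Parses the "Server Temp Key: DH, N bits" line printed by `openssl s_client`
# (OpenSSL 1.0.2 and later). Sample outputs below are constructed.

# dh_bits: s_client output on stdin -> DH size in bits on stdout (empty if none)
dh_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1
}

# check_dh PORT EXPECTED_BITS: s_client output on stdin.
# Returns 0 on match, 1 on size mismatch, 2 if no DHE key exchange was seen.
check_dh() {
    port=$1
    want=$2
    got=$(dh_bits)
    if [ -z "$got" ]; then
        echo "port $port: no DHE key exchange seen (ECDHE/RSA negotiated, or handshake failed)"
        return 2
    fi
    if [ "$got" != "$want" ]; then
        echo "port $port: MISMATCH, DH $got bits, expected $want"
        return 1
    fi
    echo "port $port: OK, DH $got bits"
}

# Constructed excerpts of s_client output for the setup in the thread:
# port 25 keeps dh2048.pem, ports 465/587 use dh1024.pem.
sample_25() {
    printf '%s\n' 'Peer signing digest: SHA256' 'Server Temp Key: DH, 2048 bits' '---'
}
sample_465() {
    printf '%s\n' 'Peer signing digest: SHA256' 'Server Temp Key: DH, 1024 bits' '---'
}

sample_25  | check_dh 25 2048
sample_465 | check_dh 465 1024

# Against a live server (mail.example.com is a placeholder), force a DHE suite:
#   openssl s_client -connect mail.example.com:465 -tls1_2 -cipher EDH \
#       </dev/null 2>/dev/null | check_dh 465 1024
#   openssl s_client -connect mail.example.com:587 -starttls smtp -tls1_2 \
#       -cipher EDH </dev/null 2>/dev/null | check_dh 587 1024
```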