====== Sendmail: TLS handshake failed ======

If you find TLS handshake errors like this in your sendmail logs:

<code>
May 10 15:36:17 mail sm-mta[28953]: u4A8Maoa020509: to=<***@domain.it>, ctladdr=<***@domain.com> (1501/2000), delay=05:13:39, xdelay=00:00:00, mailer=esmtp, pri=1051530, relay=aserver.domain.it. [xxx.xxx.xxx.xxx], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
</code>

check the configuration. If these are defined:

<code>
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl
</code>

and supposing your CERT_DIR is ''/etc/mail/certs'', generate the DH parameters file and restart sendmail:

<code>
cd /etc/mail/certs
openssl dhparam -out dh.param 2048
cd /etc/mail && make stop && make start
</code>

We can use a key length of 4096 too, but it takes longer to generate and adds a lot of complexity. \\ So for me 2048 is good enough.
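The check described above, as an added example that is not part of the original wiki page: a shell helper that reads ''confDH_PARAMETERS'' from an .mc file, expands a leading macro such as CERT_DIR, and reports whether the DH parameter file exists and holds at least 2048 bits. The function names are hypothetical, and it assumes one ''define'' per line, written as on this page.

```shell
#!/bin/sh
# Added example: verify the DH parameter file that a sendmail .mc file points at.
# mc_define, dh_param_path and check_dh_params are hypothetical helper names.

# Print the value of define(`NAME', `value') from an .mc file (last match wins).
mc_define() {
  sed -n "s/^define(\`$2', *\`\([^']*\)').*/\1/p" "$1" | tail -n 1
}

# Resolve confDH_PARAMETERS, expanding a leading m4 macro such as CERT_DIR.
# Returns 2 when the option (or the macro it relies on) is not defined.
dh_param_path() {
  raw=$(mc_define "$1" confDH_PARAMETERS)
  [ -n "$raw" ] || return 2
  case $raw in
    /*)  printf '%s\n' "$raw" ;;                  # already an absolute path
    */*) dir=$(mc_define "$1" "${raw%%/*}")       # e.g. CERT_DIR/dh.param
         [ -n "$dir" ] || return 2
         printf '%s/%s\n' "$dir" "${raw#*/}" ;;
    *)   return 2 ;;
  esac
}

# Usage: check_dh_params MCFILE [MIN_BITS]
# Returns 0 if the file exists and has at least MIN_BITS (default 2048),
# 1 if it is missing, unreadable or too small, 2 if the option is not defined.
check_dh_params() {
  min=${2:-2048}
  path=$(dh_param_path "$1") || {
    echo "confDH_PARAMETERS not defined in $1"; return 2; }
  [ -s "$path" ] || {
    echo "MISSING $path (generate: openssl dhparam -out $path $min)"; return 1; }
  # openssl prints a header of the form "DH Parameters: (2048 bit)"
  bits=$(openssl dhparam -in "$path" -noout -text 2>/dev/null |
         sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p')
  [ -n "$bits" ] || { echo "UNREADABLE $path"; return 1; }
  [ "$bits" -ge "$min" ] || { echo "WEAK $path: $bits bit < $min"; return 1; }
  echo "OK $path: $bits bit"
}

# Run the check when an .mc file is given on the command line.
[ "$#" -eq 0 ] || check_dh_params "$@"
```

Run it as ''sh check_dh.sh /etc/mail/sendmail.mc''; the script name and the .mc path are assumptions, so adjust them to your installation.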