[Samba] bugzilla email possibly in need of TLS-related update
starlight at binnacle.cx
starlight at binnacle.cx
Mon Jul 21 11:16:53 MDT 2014
Hi,
I noticed that an email connection from the
Samba bugzilla server attempted STARTTLS
and failed. Then sent the message
unencrypted.
My guess is that the SSL/TLS library
in use is either out-of-date and/or the
cipher-suite is restricted to insecure
ciphers. The MTA here uses openssl
1.0.1h and is configured
O CipherList=HIGH:MEDIUM:!aNULL:!eNULL
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_CIPHER_SERVER_PREFERENCE
O ClientSSLOptions=+SSL_OP_NO_SSLv2
Log entries for the failed STARTLS message are
Jul 21 11:12:53 xxx mimedefang.pl[22017]: RELAY: <2001:638:603:d068::82:20> <samba-bugzilla.samba.org>
Jul 21 11:12:54 xxx sendmail[26853]: STARTTLS=server, error: accept failed=-1, reason=unknown, SSL_error=5, errno=104, retry=-1, relay=samba-bugzilla.samba.org [IPv6:2001:638:603:d068::82:20]
Jul 21 11:12:54 xxx sendmail[26853]: s6LFCrBB026853: samba-bugzilla.samba.org [IPv6:2001:638:603:d068::82:20] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTAv6
FYI
Regards to the Samba team. Thank you
for this most excellent software.
More information about the samba
mailing list