
sendmail dh key too small error

0
Mohan (anonymous)

Hi,

I have updated my server, and after updating, sendmail cannot move mail from the clientmqueue to the mqueue. I am facing the error below:

Jun 13 03:01:49 motoko sendmail[3050]: t5D31nxX003050: from=root, size=9823, class=0, nrcpts=1, msgid=, relay=root@localhost
Jun 13 03:01:49 motoko sendmail[3050]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jun 13 03:01:49 motoko sendmail[3050]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.
Jun 13 03:01:49 motoko sm-mta[3072]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
Jun 13 03:01:49 motoko sendmail[3050]: t5D31nxX003050: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=39823, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.
Jun 13 03:01:49 motoko sm-mta[3072]: t5D31nPt003072: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0

I think the problem is related to the recent SSL update and the minimum key size.

If anybody has a solution and has fixed this issue, please help me to solve this as well.

Mohan answered
0
Raghav Yadav (anonymous)

You will need to generate a new DH keys file, like below:
# cd /etc/pki/tls/certs
# openssl dhparam -out dhparams.pem 2048

and edit your sendmail.mc file, like below:
define(`confDH_PARAMETERS',`/etc/pki/tls/certs/dhparams.pem')dnl
Now update sendmail.cf and restart sendmail:
# cd /etc/mail
# make
# service sendmail restart

The above solution worked for me; I hope it will also work for you.

Raghav Yadav answered
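
A post-fix check for the procedure in the answer above, added here as an example and not part of the original answer: it confirms that sendmail.mc has an active confDH_PARAMETERS line, that the file it names holds parameters of at least 2048 bits, and that sendmail.cf was actually rebuilt. The function names are hypothetical, and it assumes sendmail.cf sits next to sendmail.mc and carries the setting as an "O DHParameters=" line.

```shell
#!/bin/sh
# Added example: verify the DH parameter fix. Function names are hypothetical.
MIN_DH_BITS=2048    # size generated in the answer above

# Print the path from the last active (not dnl-commented) confDH_PARAMETERS define.
mc_dh_path() {
    grep -v '^[[:space:]]*dnl' "$1" 2>/dev/null |
        sed -n "s/.*define(\`confDH_PARAMETERS',[[:space:]]*\`\([^']*\)').*/\1/p" |
        tail -n 1
}

# Read "openssl dhparam -text" output on stdin and print the size in bits.
dh_bits_from_text() {
    sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Check the mc directive, the parameter size, and the rebuilt cf file.
check_sendmail_dh() {
    mc=$1
    pem=$(mc_dh_path "$mc")
    if [ -z "$pem" ]; then
        echo "FAIL: no active confDH_PARAMETERS in $mc"; return 1
    fi
    if [ ! -r "$pem" ]; then
        echo "FAIL: $pem is missing or not readable"; return 1
    fi
    bits=$(openssl dhparam -in "$pem" -noout -text 2>/dev/null | dh_bits_from_text)
    if [ -z "$bits" ] || [ "$bits" -lt "$MIN_DH_BITS" ]; then
        echo "FAIL: $pem holds ${bits:-unparsable} bit DH parameters"; return 1
    fi
    # Assumption: the cf file is next to the mc file and "make" regenerates it.
    cf="${mc%.mc}.cf"
    if ! grep -Fqx "O DHParameters=$pem" "$cf" 2>/dev/null; then
        echo "FAIL: $cf does not reference $pem (was make run?)"; return 1
    fi
    echo "OK: $pem ($bits bit) is referenced by $cf"
}

# Run the check when a sendmail.mc path is given as the first argument.
if [ $# -gt 0 ]; then
    check_sendmail_dh "$1"
fi
```

Run it with the path to sendmail.mc as the argument. A FAIL on the last step means the sendmail.mc edit never reached sendmail.cf, so the restart will not pick up the new file.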