Sendmail fails to relay mails through smart host with the error 'generic SSL error' in maillog.

Solution Unverified - Updated -

Environment

  • Red Hat Enterprise Linux Server 5.3
  • sendmail-8.13.8-2.el5
  • sendmail-cf-8.13.8-2.el5

Issue

  • Sendmail do not relay mails through smart host. The following SSL errors are seen in maillog when the issue occurs:

    Feb 12 22:59:52 servername sendmail[2733]: STARTTLS=client, relay=email1.smarthost.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DES-CBC3-SHA, bits=168/168
    Feb 12 22:59:52 servername sendmail[2733]: STARTTLS: read error=generic SSL error (-1), errno=0, get_error=error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number, retry=1, ssl_err=1
    

Resolution

Edit /etc/mail/access file and append following line

Try_TLS:smarthost.server    NO

Execute following commands afterwards

#makemap hash /etc/mail/access.db < /etc/mail/access
#service sendmail restart

Root Cause

Refer to the "Disabling STARTTLS And Setting SMTP Server Features" section at following link

http://www.sendmail.org/m4/starttls.html

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.