Hi List
If you also noticed emails not being delivered anymore to @bluewin
after uprading to Debian Buster or and other system with newer openSSL
libraries.
This is due to new versions of openSSL not accepting DH keys shorter
than 1024 to counter the logjam attack.
Unfortunately the keys provided by bluewin are too short, causing the
TLS handshake to fail.
Work-Around for now: Disable DH
Test with:
# openssl s_client -cipher 'DEFAULT:!DH' -connect \
mxbw.lb.bluewin.ch:smtp -starttls smtp
In sendmail.mc
O CipherList=HIGH:!DH
-Benoît-