Monday, April 7, 2014

Sendmail: TLS handshake failed

Yesterday I found this:
2014-03-05T15:56:04.873290+08:00 oms13 sendmail[16831]: s257u3Ro016831: to=<naomi@XXX.XXX>, ctladdr=<root@localhost> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=36923, relay=XXXXX [XXXXXXXX], dsn=4.0.0, stat=Deferred: 403 4.7.0TLS handshake failed. 

Reference: http://mikeberggren.com/post/15331563670/disable-tls

By default, SendMail servers will always check for TLS support when sending an outbound message. Normally this is a good thing — I mean, if the recipient MTA on the other side supports additional security, why not? There’s just one small problem: If SendMail tries to use TLS and something goes wrong with the initial TLS handshake, it does not fall back to using unencrypted delivery. Instead, SendMail considers the entire delivery attempt to be a 400 class issue and temporarily defers the message for another try later. This can result in a stuck message that stays stuck.

 Solutions:

 Solution 1: add each problematic domain to access, one by one:  Try_TLS:XXX.domain NO      (too many to add)

 Solution 2: disable TLS

 O ClientPortOptions=Family=inet, Address=172.16.1.92  (original setting)

 O ClientPortOptions=Family=inet, M=S, Address=172.16.1.92  (M=S added)

The M=S option forces the SendMail client (used for outbound connections) to NOT use TLS regardless of whether or not the recipient MTA advertises support for it.
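
An added example for Solution 1, not from the original post or the referenced article: it scans sendmail log lines for relays whose deliveries were deferred with "TLS handshake failed" and emits the matching Try_TLS access entries, so STARTTLS is switched off only for the servers that actually fail rather than for all outbound mail. Entries are keyed by the relay host name from the log, since Try_TLS entries refer to the remote server's host name or IP address; the sample log lines, host names and the `min_failures` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the log entry above
# (hosts use reserved example names and documentation addresses).
SAMPLE_LOG = """\
2014-03-05T15:56:04+08:00 mx1 sendmail[16831]: s257u3Ro016831: to=<a@example.org>, mailer=esmtp, relay=mail.example.org. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
2014-03-05T16:26:04+08:00 mx1 sendmail[16990]: s257u3Ro016831: to=<a@example.org>, mailer=esmtp, relay=mail.example.org. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0TLS handshake failed.
2014-03-05T16:30:11+08:00 mx1 sendmail[17002]: s258U1aa017002: to=<b@example.net>, mailer=esmtp, relay=mx.example.net. [192.0.2.20], dsn=2.0.0, stat=Sent (OK)
2014-03-05T16:31:40+08:00 mx1 sendmail[17010]: s258V9bb017010: to=<c@example.com>, mailer=esmtp, relay=mx.example.com. [192.0.2.30], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
2014-03-05T16:32:02+08:00 mx1 sendmail[17011]: s258W0cc017011: to=<d@example.edu>, mailer=esmtp, relay=mx.example.edu. [192.0.2.40], dsn=4.0.0, stat=Deferred: Connection timed out with mx.example.edu.
"""

# relay=<host> is followed by " [ip]"; the host may carry a trailing dot.
RELAY_RE = re.compile(r"\brelay=([^\s,\[]+)")
# Tolerates both "4.7.0 TLS ..." and the "4.7.0TLS ..." form seen above.
FAILED_RE = re.compile(r"stat=Deferred:.*TLS handshake failed")


def failed_tls_relays(lines):
    """Count 'TLS handshake failed' deferrals per relay host name."""
    counts = Counter()
    for line in lines:
        if not FAILED_RE.search(line):
            continue
        m = RELAY_RE.search(line)
        if m:
            counts[m.group(1).rstrip(".").lower()] += 1
    return counts


def access_entries(counts, min_failures=2):
    """Build Try_TLS access-map lines for relays that failed repeatedly.

    min_failures (an assumed threshold) keeps a single transient failure
    from permanently downgrading a relay to cleartext.
    """
    return [f"Try_TLS:{host}\tNO"
            for host, n in sorted(counts.items()) if n >= min_failures]


if __name__ == "__main__":
    print("\n".join(access_entries(failed_tls_relays(SAMPLE_LOG.splitlines()))))
```

Review the generated lines before appending them to the access source file, then rebuild the access map with `makemap`.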
