Unable to send mail out to a certain domain with Qmail. There are errors like the following in
Jun 16 12:48:02 xcp qmail: 1434451682.055439 delivery 190193: deferral: TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh_key_too_small;_connected_to_18.104.22.168/
Issue is caused by different security settings (e.g. destination server has a Diffie-Hellman key with less size) or
openssl packages installed on source and destination servers are of different versions.
Note: Please consider switching to Postfix as the fastest and easiest way to resolve the issue.
IMPORTANT: this solution decreases the server security and might be used only in case of emergency. If the solution is not applicable due to security reasons, please, contact Odin Technical Support to investigate the issue.
Add the server, which bounces mail, to trusted hosts list in Qmail:
# mkdir /var/qmail/control/notlshosts
# touch /var/qmail/control/notlshosts/mail.example.com
Note: Qmail send message without TLS to such domains.
Restart Qmail afterwards to make it work:
# service qmail restart