Hi List
If you also noticed emails not being delivered anymore to @bluewin after uprading to Debian Buster or and other system with newer openSSL libraries.
This is due to new versions of openSSL not accepting DH keys shorter than 1024 to counter the logjam attack.
Unfortunately the keys provided by bluewin are too short, causing the TLS handshake to fail.
Work-Around for now: Disable DH
Test with:
# openssl s_client -cipher 'DEFAULT:!DH' -connect \ mxbw.lb.bluewin.ch:smtp -starttls smtp
In sendmail.mc
O CipherList=HIGH:!DH
-Benoît-