Error while sending through Gmass tool

winsome-lion · June 27, 2024, 4:06pm

Jun 27 16:02:39 kumod[892323]: 2024-06-27T16:02:39.069254Z DEBUG smtpsrv-8 run{socket=PollEvented { io: Some(TcpStream { addr: , peer: 54.212.131.181:6100, fd: 19 }) }}:process: kumod::smtp_server: TLS handshake failed: peer is incompatible: NoCipherSuitesInCommon

I encounter the above error while sending through gmass tool. How to resolve this issue?

inclusive-eagle · June 27, 2024, 4:06pm

Hey there @winsome-lion, thanks for posting. Please read the “Troubleshooting” and “How to Ask for Help” buttons below. If you would like a 1:1 support session from the KumoMTA team, details are at the “Book a Support Session” button below.

Mike · June 27, 2024, 4:42pm

You’re running an edge MTA, why would you want to send to Gmass? And it looks like Gmass doesn’t use the same TLS, so I’d investigate what ciphers it uses to see if you can match.

winsome-lion · June 28, 2024, 5:24am

We were trying to test the configuration. Normally it show correct results when trying tls smtp authentication using postfix or powermta. This is the settings we added in powermta:
tls-allow-SSLv3 no
tls-allow-TLSv1 no
tls-allow-TLSv1.1 yes
tls-allow-TLSv1.2 yes
tls-ciphers HIGH:!ADH:@STRENGTH

tom · June 28, 2024, 5:31am

KumoMTA will automatically use the highest available TLS security.

tom · June 28, 2024, 5:33am

You can set enable_tls to OpportunisticInsecure

winsome-lion · June 28, 2024, 6:21am

@faithful-ostrich Where should i set this configuration?

winsome-lion · June 28, 2024, 9:40am

Im currently using the below code in init.lua:

kumo.on(‘get_egress_path_config’,
shaping:setup { ‘/opt/kumomta/etc/shaping.json’, ‘/opt/kumomta/etc/policy/shaping.toml’ }
)

clever-impala · July 1, 2024, 1:00pm

the enable_tls configuration should go in either /opt/kumomta/etc/shaping.json or /opt/kumomta/etc/policy/shaping.toml, don’t forget to add replace_base = true of you want to supersede default configurations
https://docs.kumomta.com/userguide/configuration/trafficshaping/?h=enable_tls

winsome-lion · July 2, 2024, 6:21am

cat /opt/kumomta/etc/shaping.json

{
“default”: {
“replace_base”: true,
“connection_limit”: 1000000,
“max_connection_rate”: “100000/min”,
“enable_tls”:“Disabled”,
“max_message_rate”: “100000/min”
}
}

cat /opt/kumomta/etc/policy/shaping.toml

[“kumomta.domain.com”]
enable_tls = ‘Disabled’
smtp_port=2587

[“smtp-30.regalwork.com”]
ehlo_domain=‘testingsmtp.domain.io’
enable_tls = ‘Disabled’
smtp_port=4032

i have already configured the above options @clever-impala @faithful-ostrich

Mike · July 2, 2024, 1:12pm

Given that GMass is a tool for sending unsolicited messages, Tom and I will not be supporting this troubleshooting.