Article ID: 126321, created on Jul 25, 2015, last review on May 19, 2016

  • Applies to:
  • Plesk for Linux/Unix


Unable to send mail out to a certain domain with Qmail. There are errors like the following in /var/log/maillog:

Jun 16 12:48:02 xcp qmail: 1434451682.055439 delivery 190193: deferral: TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh_key_too_small;_connected_to_1.1.1.1/


Issue is caused by different security settings (e.g. destination server has a Diffie-Hellman key with less size) or openssl packages installed on source and destination servers are of different versions.


Note: Please consider switching to Postfix as the fastest and easiest way to resolve the issue.

IMPORTANT: this solution decreases the server security and might be used only in case of emergency. If the solution is not applicable due to security reasons, please, contact Odin Technical Support to investigate the issue.

  1. Downgrade openssl package.

  2. Add the server, which bounces mail, to trusted hosts list in Qmail:

    # mkdir /var/qmail/control/notlshosts
    # touch /var/qmail/control/notlshosts/

    Note: Qmail send message without TLS to such domains.

  3. Restart Qmail afterwards to make it work:

    # service qmail restart

Search Words

TLS connect failed: error:14082174:SSLroutines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small; connected to


TLS connect failed



a914db3fdc7a53ddcfd1b2db8f5a1b9c 56797cefb1efc9130f7c48a7d1db0f0c 29d1e90fd304f01e6420fbe60f66f838

Email subscription for changes to this article
Save as PDF