[pfx] Re: outlook ssl failure

Tue, 24 Dec 2024 13:44:43 -0800 

Randy Bush via Postfix-users:
> why is the actual mail not transferred.  how to debug?

The TLS handshake completes, and then the Microsoft client drops
the connections, before or afte sending the post-handshake EHLO.

This appears to be a bug in the Microsoft TLSv1.3 support.

Maybe this will work around the problem:

    smtpd_tls_protocols = >=TLSv1 !TLSv1.3

Thread:

    https://www.mail-archive.com/[email protected]/msg104308.html

Documentation:

    https://www.postfix.org/postconf.5.html#smtpd_tls_protocols

        Wietse


> 2024-12-24T20:27:05.074565+00:00 m0 postfix/smtpd[188336]: connect from 
> mail-koreacentralazon11023102.outbound.protection.outlook.com[40.107.44.102]
> 2024-12-24T20:27:05.482255+00:00 m0 postfix/smtpd[188336]: setting up TLS 
> connection from 
> mail-koreacentralazon11023102.outbound.protection.outlook.com[40.107.44.102]
> 2024-12-24T20:27:05.482713+00:00 m0 postfix/smtpd[188336]: 
> mail-koreacentralazon11023102.outbound.protection.outlook.com[40.107.44.102]: 
> TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
> 2024-12-24T20:27:05.483096+00:00 m0 postfix/smtpd[188336]: SSL_accept:before 
> SSL initialization
> 2024-12-24T20:27:05.692962+00:00 m0 postfix/smtpd[188336]: SSL_accept:before 
> SSL initialization
> 2024-12-24T20:27:05.693067+00:00 m0 postfix/smtpd[188336]: 
> SSL_accept:SSLv3/TLS read client hello
> 2024-12-24T20:27:05.694052+00:00 m0 postfix/smtpd[188336]: 
> SSL_accept:SSLv3/TLS write server hello
> 2024-12-24T20:27:05.694260+00:00 m0 postfix/smtpd[188336]: 
> SSL_accept:SSLv3/TLS write change cipher spec
> 2024-12-24T20:27:05.694412+00:00 m0 postfix/smtpd[188336]: SSL_accept:TLSv1.3 
> write encrypted extensions
> 2024-12-24T20:27:05.694569+00:00 m0 postfix/smtpd[188336]: 
> SSL_accept:SSLv3/TLS write certificate
> 2024-12-24T20:27:05.694803+00:00 m0 postfix/smtpd[188336]: SSL_accept:TLSv1.3 
> write server certificate verify
> 2024-12-24T20:27:05.695047+00:00 m0 postfix/smtpd[188336]: 
> SSL_accept:SSLv3/TLS write finished
> 2024-12-24T20:27:05.695166+00:00 m0 postfix/smtpd[188336]: SSL_accept:TLSv1.3 
> early data
> 2024-12-24T20:27:05.900134+00:00 m0 postfix/smtpd[188336]: SSL_accept:TLSv1.3 
> early data
> 2024-12-24T20:27:05.900509+00:00 m0 postfix/smtpd[188336]: 
> SSL_accept:SSLv3/TLS read finished
> 2024-12-24T20:27:05.900716+00:00 m0 postfix/smtpd[188336]: 
> mail-koreacentralazon11023102.outbound.protection.outlook.com[40.107.44.102]: 
> Issuing session ticket, key expiration: 1735073795
> 2024-12-24T20:27:05.900904+00:00 m0 postfix/smtpd[188336]: 
> SSL_accept:SSLv3/TLS write session ticket
> 2024-12-24T20:27:05.901078+00:00 m0 postfix/smtpd[188336]: Anonymous TLS 
> connection established from 
> mail-koreacentralazon11023102.outbound.protection.outlook.com[40.107.44.102]: 
> TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE 
> (secp384r1) server-signature ECDSA (prime256v1) server-digest SHA256
> 2024-12-24T20:27:06.105081+00:00 m0 postfix/smtpd[188336]: disconnect from 
> mail-koreacentralazon11023102.outbound.protection.outlook.com[40.107.44.102] 
> ehlo=1 starttls=1 quit=1 commands=3
> 
> deb12
> mail_version = 3.7.11
> main.cf at https://archive.psg.com/main.cf
> 
> randy
> _______________________________________________
> Postfix-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> 
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to