On Fri, Dec 03, 2010 at 10:12:07AM +0100, Mickael MONSIEUR wrote:

> I have this problem with receiving emails from outside in SSL / TLS.
> Can you help me because I have some emails blocked because of it.

The messages are not "blocked", rather the SMTP client fails to establish
a TLS handshake with your server, and in some cases may be configured to
only send TLS. Mandatory SMTP TLS is not terribly practical except by
*mutual* agreement between the sending and receiving organizations.
Have you negotiated a mandatory TLS policy with any sites?

> Dec 3 09:56:13 mail postfix/smtpd[13307]: connect from
> unknown[212.35.xxx.xx]

Why does this IP address not reverse-resolve? Is this really an MTA
sending you legitimate email?

> Dec 3 09:56:13 mail postfix/smtpd[13307]: SSL_accept error from
> unknown[212.35.xxx.xx]: 0
> Dec 3 09:56:13 mail postfix/smtpd[13307]: warning: TLS library problem:
> error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1102:
> SSL alert number 0:

The remote SSL client sends "alert 0" which according to

    http://tools.ietf.org/html/rfc2246#section-7.2

is a "close_notify" alert. So the remote client called the equivalent
of SSL_shutdown() in the middle of the SSL handshake. Perhaps the client
was "unimpressed" by your server's X509 certificate, or it is just buggy.

> Dec 3 09:56:13 mail postfix/smtpd[13307]: lost connection after STARTTLS
> from unknown[212.35.xxx.xx]

The connection is lost. Your server does nothing to "block" this client.

--
	Viktor.
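
Added example, not part of the original message: a small Python triage script that groups Postfix smtpd lines by process ID, decodes the "SSL alert number" with the RFC 2246 section 7.2 table, and reports sessions that ended with "lost connection after STARTTLS". The sample log is constructed (documentation addresses, not the poster's client) and the function name `failed_handshakes` is hypothetical.

```python
import re

# AlertDescription values from RFC 2246 section 7.2 (TLS 1.0).
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    21: "decryption_failed", 22: "record_overflow", 30: "decompression_failure",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 60: "export_restriction",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
    90: "user_canceled", 100: "no_renegotiation",
}

# Constructed sample modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
Dec  3 09:56:13 mail postfix/smtpd[13307]: connect from unknown[192.0.2.10]
Dec  3 09:56:13 mail postfix/smtpd[13307]: SSL_accept error from unknown[192.0.2.10]: 0
Dec  3 09:56:13 mail postfix/smtpd[13307]: warning: TLS library problem: error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1102:SSL alert number 0:
Dec  3 09:56:13 mail postfix/smtpd[13307]: lost connection after STARTTLS from unknown[192.0.2.10]
Dec  3 09:57:40 mail postfix/smtpd[13311]: connect from mx.example.net[198.51.100.7]
Dec  3 09:57:41 mail postfix/smtpd[13311]: disconnect from mx.example.net[198.51.100.7]
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CONNECT = re.compile(r"connect from (\S+)\[([^\]]+)\]")
ALERT = re.compile(r"SSL alert number (\d+)")

def failed_handshakes(log_text):
    """Return one record per session that was lost during the TLS handshake."""
    current, report = {}, []   # current: PID -> session in progress
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if (c := CONNECT.match(msg)):
            # A new "connect from" starts a fresh session for this smtpd PID.
            current[pid] = {"host": c.group(1), "ip": c.group(2), "alert": None}
        elif pid in current and (a := ALERT.search(msg)):
            current[pid]["alert"] = int(a.group(1))
        elif pid in current and msg.startswith("lost connection after STARTTLS"):
            s = current.pop(pid)
            s["alert_name"] = ("none logged" if s["alert"] is None
                               else TLS_ALERTS.get(s["alert"], "not in RFC 2246"))
            # Postfix logged the client name as "unknown".
            s["hostname_unknown"] = s["host"] == "unknown"
            report.append(s)
    return report
```
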