On Fri, Dec 03, 2010 at 10:12:07AM +0100, Mickael MONSIEUR wrote:

> I have this problem with receiving emails from outside in SSL / TLS.
> Can you help me because I have some emails blocked because of it.

The messages are not "blocked", rather the SMTP client fails to establish
a TLS handshake with your server, and in some cases may be configured
to only send TLS. Mandatory SMTP TLS is not terribly practical except
by *mutual* agreement between the sending and receiving organizations.

Have you negotiated a mandatory TLS policy with any sites?

> Dec  3 09:56:13 mail postfix/smtpd[13307]: connect from
> unknown[212.35.xxx.xx]

Why does this IP address not reverse-resolve? Is this really an MTA
sending you legitimate email?

> Dec  3 09:56:13 mail postfix/smtpd[13307]: SSL_accept error from
> unknown[212.35.xxx.xx]: 0
> Dec  3 09:56:13 mail postfix/smtpd[13307]: warning: TLS library problem:
> error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1102:
> SSL alert number 0:

The remote SSL client sends "alert 0" which according to

    http://tools.ietf.org/html/rfc2246#section-7.2

is a "close_notify" alert. So the remote client called the equivalent of
SSL_shutdown() in the middle of the SSL handshake. Perhaps the client was
"unimpressed" by your server's X509 certificate, or it is just buggy.

> Dec  3 09:56:13 mail postfix/smtpd[13307]: lost connection after STARTTLS
> from unknown[212.35.xxx.xx]

The connection is lost. Your server does nothing to "block" this client.

-- 
        Viktor.
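
The log reading done by hand in the reply above, as an added example that is not part of the original message: it pairs each "TLS library problem" line with the "lost connection after STARTTLS" line from the same smtpd PID, names the alert per RFC 2246 section 7.2, and cross-checks it against the packed OpenSSL error code. Assumptions: the pre-3.0 OpenSSL error layout (lib/func/reason) with received alerts reported as reason 1000+N, log lines already unwrapped to one per entry, and function names chosen here; the last two sample lines are constructed.

```python
import re

ALERTS = {  # alert descriptions from RFC 2246 section 7.2
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac", 21: "decryption_failed",
    22: "record_overflow", 30: "decompression_failure", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied", 50: "decode_error",
    51: "decrypt_error", 60: "export_restriction", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 90: "user_canceled", 100: "no_renegotiation",
}
SSL_AD_REASON_OFFSET = 1000  # assumption: OpenSSL reports a received alert N as reason 1000+N

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)")
ERR = re.compile(r"error:([0-9A-Fa-f]{8}):.*SSL alert number (\d+):")
LOST = "lost connection after STARTTLS from "

def decode_error(code_hex):
    """Split a packed OpenSSL error code (pre-3.0 layout) into (lib, func, reason)."""
    code = int(code_hex, 16)
    return code >> 24, (code >> 12) & 0xFFF, code & 0xFFF

def failed_handshakes(lines):
    """Pair each TLS alert line with the disconnect logged by the same smtpd PID."""
    pending, results = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, text = m.groups()
        e = ERR.search(text)
        if e:
            alert = int(e.group(2))
            pending[pid] = (alert, decode_error(e.group(1))[2] == SSL_AD_REASON_OFFSET + alert)
        elif text.startswith(LOST) and pid in pending:
            alert, consistent = pending.pop(pid)
            results.append({"peer": text[len(LOST):], "alert": alert,
                            "name": ALERTS.get(alert, "unassigned"), "code_matches": consistent})
    return results

# First two lines: from the message above, unwrapped. Last two: constructed sample data.
SAMPLE = [
    "Dec  3 09:56:13 mail postfix/smtpd[13307]: warning: TLS library problem: error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1102:SSL alert number 0:",
    "Dec  3 09:56:13 mail postfix/smtpd[13307]: lost connection after STARTTLS from unknown[212.35.xxx.xx]",
    "Dec  3 09:57:40 mail postfix/smtpd[13400]: warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1102:SSL alert number 48:",
    "Dec  3 09:57:40 mail postfix/smtpd[13400]: lost connection after STARTTLS from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    print(*failed_handshakes(SAMPLE), sep="\n")
```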
