Dear postfix users,

I'm running Postfix version 2.11.6 on an OpenSUSE 42.1 box and all is running sweet & fine ;) Except that a customer called to say he can't receive emails from one of his partners.
After looking for the partner's email I found these log entries:

2017-01-14T00:31:28.312121+01:00 cx20 postfix/smtpd[12579]: connect from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:31:28.419190+01:00 cx20 postfix/smtpd[12579]: SSL_accept error from mail.kommunalunternehmen.de[217.6.53.146]: Connection reset by peer
2017-01-14T00:31:28.420304+01:00 cx20 postfix/smtpd[12579]: lost connection after STARTTLS from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:31:28.420870+01:00 cx20 postfix/smtpd[12579]: disconnect from mail.kommunalunternehmen.de[217.6.53.146]

and those log entries repeat and repeat. From what I can also see in the logs, it seems to be an Exchange mail server:

2017-01-13T14:17:55.649227+01:00 cx20 postfix/cleanup[3703]: 960DA1A198A: message-id=<96C90C91ED31E24D8985DCEF2658CA0923EFD130@ku-exchange-02.kommunalunternehmen.local>

Is this a buggy or wrongly configured MTA which has problems with TLS on port 25? All other MTAs don't seem to have any problems with TLS / STARTTLS. What can I do to fix this problem? Let the other MTA know that they have an issue with their TLS setup?

Thanks & greetings
Becki

Here's my postconf, using a valid certificate from letsencrypt:

linux:~ # postconf -n | grep tls
smtp_enforce_tls = no
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file = /fullchain.pem
smtp_tls_key_file = /privkey.pem
smtp_tls_loglevel = 0
smtp_tls_session_cache_database =
smtp_use_tls = yes
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_ask_ccert = no
smtpd_tls_cert_file = /fullchain.pem
smtpd_tls_key_file = /privkey.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

and here's a snippet from my master.cf:

smtp      inet  n       -       n       -       -       smtpd
amavis    unix  -       -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
465       inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
#  -o content_filter=smtp:[127.0.0.1]:10024
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
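
A triage script for the log pattern quoted in the message above, as an added example that is not part of the original post: it groups smtpd sessions by client and lists the clients whose every closed session ended during STARTTLS. The first four sample lines are the ones from the post; the other lines, including mx.example.org, 192.0.2.10 and the extra PIDs and timestamps, are constructed.

```python
import re
from collections import defaultdict

# Layout of the smtpd lines in the post: timestamp, host, postfix/smtpd[pid]: message
LINE = re.compile(r"^\S+ \S+ postfix/smtpd\[(\d+)\]: (.*)$")
PEER = re.compile(r"from (\S+)\[([0-9A-Fa-f.:]+)\]")

def starttls_failures(lines):
    """Per client: closed sessions, sessions that died in the TLS handshake, reasons."""
    stats = defaultdict(lambda: {"sessions": 0, "tls_failed": 0, "reasons": set()})
    failed = {}  # smtpd pid -> True once its current session logged a TLS error
    for line in lines:
        m = LINE.match(line.strip())
        peer = PEER.search(m.group(2)) if m else None
        if not peer:
            continue
        pid, msg, key = m.group(1), m.group(2), peer.groups()
        if msg.startswith("connect from "):
            failed[pid] = False  # a reused smtpd process starts a fresh session
        elif msg.startswith("SSL_accept error from "):
            failed[pid] = True
            stats[key]["reasons"].add(msg.split("]: ", 1)[-1])
        elif msg.startswith("lost connection after STARTTLS from "):
            failed[pid] = True
        elif msg.startswith("disconnect from "):
            stats[key]["sessions"] += 1  # counted at close, so mid-session excerpts work
            stats[key]["tls_failed"] += int(failed.pop(pid, False))
    return dict(stats)

def persistent_failures(stats, min_sessions=2):
    """Clients for which every closed session ended during STARTTLS."""
    return sorted(k for k, s in stats.items() if s["tls_failed"] == s["sessions"] >= min_sessions)

# First four lines are from the post; the remaining six are constructed for illustration.
SAMPLE = """\
2017-01-14T00:31:28.312121+01:00 cx20 postfix/smtpd[12579]: connect from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:31:28.419190+01:00 cx20 postfix/smtpd[12579]: SSL_accept error from mail.kommunalunternehmen.de[217.6.53.146]: Connection reset by peer
2017-01-14T00:31:28.420304+01:00 cx20 postfix/smtpd[12579]: lost connection after STARTTLS from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:31:28.420870+01:00 cx20 postfix/smtpd[12579]: disconnect from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:33:02.100000+01:00 cx20 postfix/smtpd[12590]: connect from mx.example.org[192.0.2.10]
2017-01-14T00:33:03.200000+01:00 cx20 postfix/smtpd[12590]: disconnect from mx.example.org[192.0.2.10]
2017-01-14T00:36:28.300000+01:00 cx20 postfix/smtpd[12601]: connect from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:36:28.410000+01:00 cx20 postfix/smtpd[12601]: SSL_accept error from mail.kommunalunternehmen.de[217.6.53.146]: Connection reset by peer
2017-01-14T00:36:28.411000+01:00 cx20 postfix/smtpd[12601]: lost connection after STARTTLS from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:36:28.412000+01:00 cx20 postfix/smtpd[12601]: disconnect from mail.kommunalunternehmen.de[217.6.53.146]
""".splitlines()

if __name__ == "__main__":
    print(persistent_failures(starttls_failures(SAMPLE)))
```

With smtpd_tls_loglevel = 0, as in the posted configuration, a session without a TLS error appears only as a connect/disconnect pair, which is how the script treats the constructed mx.example.org session.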