Re: SSL_accept error from other MTA

[Admin Beckspaced]

On 14.01.2017 14:03, Christian Kivalo wrote:

You could set smtpd_tls_loglevel = 1 and get some more information on the next 
connection attempt.

Without knowing more details i'd say you have no cipher in common, that could 
be when you're dealing with an ancient version of exchange or some crappy 
middlebox.

Thanks for your reply ;)

pushing the tls loglevel to 2 revealed the following in the logs:

2017-01-14T14:41:43.183704+01:00 cx20 postfix/smtpd[25337]: initializing
the server-side TLS engine
2017-01-14T14:41:43.195287+01:00 cx20 postfix/smtpd[25337]: connect from
mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T14:41:43.254888+01:00 cx20 postfix/smtpd[25337]: setting up
TLS connection from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T14:41:43.255444+01:00 cx20 postfix/smtpd[25337]:
mail.kommunalunternehmen.de[217.6.53.146]: TLS cipher list
"aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
2017-01-14T14:41:43.257024+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:before/accept initialization
2017-01-14T14:41:43.277843+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:SSLv3 read client hello A
2017-01-14T14:41:43.278453+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:SSLv3 write server hello A
2017-01-14T14:41:43.278829+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:SSLv3 write certificate A
2017-01-14T14:41:43.296343+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:SSLv3 write key exchange A
2017-01-14T14:41:43.297537+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:SSLv3 write server done A
2017-01-14T14:41:43.298112+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:SSLv3 flush data
2017-01-14T14:41:43.313040+01:00 cx20 postfix/smtpd[25337]:
SSL_accept:error in SSLv3 read client certificate A
2017-01-14T14:41:43.313611+01:00 cx20 postfix/smtpd[25337]: SSL_accept
error from mail.kommunalunternehmen.de[217.6.53.146]: Connection reset
by peer
2017-01-14T14:41:43.313970+01:00 cx20 postfix/smtpd[25337]: lost
connection after STARTTLS from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T14:41:43.314315+01:00 cx20 postfix/smtpd[25337]: disconnect
from mail.kommunalunternehmen.de[217.6.53.146]

I see: SSL_accept:error in SSLv3 read client certificate A

so does this mean that the other exchange server has a problem with
their certificate?
Is the problem on the exchange server site? or is it my postfix server?

thanks & greetings
Becki


---
Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
https://www.avast.com/antivirus