> On Aug 16, 2017, at 8:11 AM, Alef Veld <[email protected]> wrote:
>
> 2. Why do i sometimes get a anonymous TLS connection.
Inbound SMTP email is "always" anonymous, as servers generally
don't and should not request client certificates, and even if
they did, clients wouldn't generally be configured to present
such certificates. See:
http://www.postfix.org/FORWARD_SECRECY_README.html#status
> Aug 16 09:01:47 www postfix/smtpd[12706]: SSL_accept:SSLv3 flush data
Your log level is too high, set it to 1, and you'll get better
performance, and fewer debugging messages that you find confusing.
It may even be that with all debugging logging flooding the log
server, some messages are getting lost. Though in this case both
the first connection:
> Aug 16 09:01:47 www postfix/smtpd[12706]: Anonymous TLS connection
> established from
> mail-oln040092068076.outbound.protection.outlook.com[40.92.68.76]: TLSv1.2
> with cipher AES256-SHA256 (256/256 bits)
>
> And sometimes a regular TLS connection ? Same ip and same cipher as well.
(actually also anonymous, just a few extra lines you happened to cut/paste)
> Aug 16 09:01:47 www postfix/smtpd[12706]: initializing the server-side TLS
> engine
> Aug 16 09:01:47 www postfix/smtpd[12706]: connect from
> mail-oln040092068076.outbound.protection.outlook.com[40.92.68.76]
> Aug 16 09:01:47 www postfix/smtpd[12706]: setting up TLS connection from
> mail-oln040092068076.outbound.protection.outlook.com[40.92.68.76]
> Aug 16 09:01:47 www postfix/smtpd[12706]:
> mail-oln040092068076.outbound.protection.outlook.com[40.92.68.76]: TLS cipher
> list "ALL:+RC4:@STRENGTH"
and the second connection:
>
> Aug 16 09:01:47 www postfix/smtpd[12706]: Anonymous TLS connection
> established from
> mail-oln040092068076.outbound.protection.outlook.com[40.92.68.76]: TLSv1.2
> with cipher AES256-SHA256 (256/256 bits)
are anonymous. The above log entries are all for the same inbound
TLS session.
--
Viktor.
