hey,

after upgrading from debian stretch (providing postfix 3.1.14) to buster (providing postfix 3.4.8), i just found out that no incoming mail was received any longer. digging a little deeper showed me that turning off tls resolved this issue. but then again, there was no tls...

i would appreciate a little help on why postfix doesn't like my old settings any longer and what i have to change to get it working with 3.4.8.


i used the very same main.cf and master.cf files with the following tls-related settings:
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_ciphers = low
smtpd_tls_cert_file = /etc/letsencrypt/certs/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/certs/privkey.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dhparams/dh2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dhparams/dh512.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_ask_ccert = yes
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
smtpd_client_restrictions = permit_tls_clientcerts, check_client_access hash:/etc/postfix/client_access, reject_rbl_client zen.spamhaus.org
smtpd_relay_restrictions = permit_tls_clientcerts, permit_mynetworks, defer_unauth_destination


here's what the log file says:
Feb 22 08:50:07 mail postfix/smtpd[12952]: initializing the server-side TLS engine
Feb 22 08:50:07 mail postfix/smtpd[12952]: connect from bendel.debian.org[82.195.75.100]
Feb 22 08:50:07 mail postfix/smtpd[12952]: setting up TLS connection from bendel.debian.org[82.195.75.100]
Feb 22 08:50:07 mail postfix/smtpd[12952]: bendel.debian.org[82.195.75.100]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH:!aNULL"
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:before SSL initialization
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:before SSL initialization
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS read client hello
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write server hello
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write change cipher spec
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:TLSv1.3 write encrypted extensions
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write certificate request
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write certificate
Feb 22 08:50:07 mail postfix/smtpd[12815]: SSL_accept error from bendel.debian.org[82.195.75.100]: lost connection
Feb 22 08:50:07 mail postfix/smtpd[12816]: SSL_accept error from bendel.debian.org[82.195.75.100]: lost connection
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:TLSv1.3 write server certificate verify
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write finished
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:TLSv1.3 early data


greetings...
