tls stopped working after update from 3.1.14 to 3.4.8

Sun, 23 Feb 2020 13:46:52 -0800 

hey,
after upgrading from debian stretch (providing postfix 3.1.14) to buster (providing postfix 3.4.8), i just found out that no incoming mail was received any longer. digging a little deeper showed me that turning of tls resolved this issue. but then again, there was no tls... 


i would appreciate a little help on why postfix doesn't like my old 
settings any longer and what i have to change to get it working with 3.4.8.




i used the very same main.cf and master.cf file with the following tls 
related settings:

smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_ciphers = low
smtpd_tls_cert_file = /etc/letsencrypt/certs/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/certs/privkey.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dhparams/dh2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dhparams/dh512.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_ask_ccert = yes
relay_clientcerts = hash:/etc/postfix/relay_clientcerts

smtpd_client_restrictions = permit_tls_clientcerts, check_client_access 
hash:/etc/postfix/client_access, reject_rbl_client zen.spamhaus.org
smtpd_relay_restrictions = permit_tls_clientcerts, permit_mynetworks, 
defer_unauth_destination



here's what the log file says:

Feb 22 08:50:07 mail postfix/smtpd[12952]: initializing the server-side TLS 
engine
Feb 22 08:50:07 mail postfix/smtpd[12952]: connect from 
bendel.debian.org[82.195.75.100]
Feb 22 08:50:07 mail postfix/smtpd[12952]: setting up TLS connection from 
bendel.debian.org[82.195.75.100]
Feb 22 08:50:07 mail postfix/smtpd[12952]: 
bendel.debian.org[82.195.75.100]: TLS cipher list 
"aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH:!aNULL"
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:before SSL 
initialization
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:before SSL 
initialization
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS read client 
hello
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write 
server hello
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write 
change cipher spec
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:TLSv1.3 write 
encrypted extensions
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write 
certificate request
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write 
certificate
Feb 22 08:50:07 mail postfix/smtpd[12815]: SSL_accept error from 
bendel.debian.org[82.195.75.100]: lost connection
Feb 22 08:50:07 mail postfix/smtpd[12816]: SSL_accept error from 
bendel.debian.org[82.195.75.100]: lost connection
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:TLSv1.3 write server 
certificate verify
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write 
finished

Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:TLSv1.3 early data


greetings...























					Reply via email to