hey,
first, let me thank you for your answer. i really appreciate this!
On Monday, February 24, 2020 12:20:27 AM CET, Viktor Dukhovni wrote:
smtpd_tls_security_level = may
smtpd_tls_lloglevel = 1
That's fine, but not consistent with the verbose logging below, did you
temporarily set a higher log level?
yes, i'm sorry. i posted the original settings from my working postfix
3.1.14 installation that didn't work with postfix 3.4.8.
i tried to get to the bottom of this problem by gradually increasing
"smtpd_tls_loglevel", but with level "3" i was overwhelmed with the output
and stopped understanding most of it.
smtpd_tls_ciphers = low
These days, "medium" makes more sense, the "low" and "export"
ciphers are dead.
i new that even back then, but i had to support an old android 4.1.x phone
which didn't support higher ciphers. but since that phone is gone now, i
will change it to "medium".
And is now ready to hear back from the client, but what happened next?
This isn't the end of the logging from smtpd[12952]...
i am sorry, seems like i was too tired after dealing with this problem the
whole weekend. here's the rest (along with all the previous lines for
context):
# grep -F 'smtpd[12952]' /var/log/mail.log.1
Feb 22 08:50:07 mail postfix/smtpd[12952]: initializing the server-side TLS
engine
Feb 22 08:50:07 mail postfix/smtpd[12952]: connect from
bendel.debian.org[82.195.75.100]
Feb 22 08:50:07 mail postfix/smtpd[12952]: setting up TLS connection from
bendel.debian.org[82.195.75.100]
Feb 22 08:50:07 mail postfix/smtpd[12952]:
bendel.debian.org[82.195.75.100]: TLS cipher list
"aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH:!aNULL"
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:before SSL
initialization
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:before SSL
initialization
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS read client
hello
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write
server hello
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write
change cipher spec
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:TLSv1.3 write
encrypted extensions
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write
certificate request
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write
certificate
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:TLSv1.3 write server
certificate verify
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:SSLv3/TLS write
finished
Feb 22 08:50:07 mail postfix/smtpd[12952]: SSL_accept:TLSv1.3 early data
Feb 22 08:55:07 mail postfix/smtpd[12952]: SSL_accept:error in TLSv1.3
early data
Feb 22 08:55:07 mail postfix/smtpd[12952]: SSL_accept error from
bendel.debian.org[82.195.75.100]: lost connection
Feb 22 08:55:08 mail postfix/smtpd[12952]: lost connection after STARTTLS
from bendel.debian.org[82.195.75.100]
Feb 22 08:55:08 mail postfix/smtpd[12952]: disconnect from
bendel.debian.org[82.195.75.100] ehlo=1 starttls=0/1 commands=1/2
if you need anything else, please let me know.
greetings...