On May 11, 2020, at 11:19 PM, Alexander Vasarab <alexander+p...@vasaconsulting.com> wrote:
> I've captured the relevant conversation. In doing so, it became clear to
> me that when the message succeeds after immediately trying again, it
> does so because the subsequent connection does not try to use TLS. So
> the pattern is: attempt TLS connection, fail, attempt plaintext
> connection, succeed. This was alarming to realize.
>
> From the pcap, in brief: I see the connection, STARTTLS, TLSv1.2
> handshake succeed, "application data" packets being exchanged using
> TLSv1.2. Finally, my mail server sends two TCP packets with the RST flag
> set. Between those two packets is an 'encrypted alert' packet from the
> foreign mailserver.

The encrypted alert is almost certain to be a close_notify. But you're saying that your server sends a RST first? That's surprising, please post the PCAP file (just the one session), and the associated Postfix logs.

> I'm not certain on the norms of this mailing list but I can put the
> entire pcap somewhere if it would be helpful, it's 35 frames long.

Attaching it is fine, if you're willing to disclose the IP addresses and hostnames of the two servers.

--
    Viktor.