Re: What is happening here? (TLS Library Problem)

Thu, 09 Jun 2022 20:50:52 -0700 

On Thu, Jun 09, 2022 at 11:58:23PM +0200, Gerben Wierda wrote:

> What is happening here? (mail is delivered, I’m just curious)

The client TLS connection ended before the client sent a TLS
close_notify.  The Postfix SMTP server attempted to read the client
connection, but saw an unexpected EOF.  Since this happened after "."
(successful message delivery), it is basically normal, and nothing to
worry about.  The client is a bit "rude" to disconnect abruptly after
message delivery, but this is basically harmless.

> 
> Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from 
> [146.185.52.133]:10400 to [192.168.2.66]:25
> Jun 09 23:37:45 mail postfix/postscreen[4294]: PASS NEW [146.185.52.133]:10400
> Jun 09 23:37:45 mail smtp/smtpd[4296]: connect from 
> ims-smtp133.persgroep-ops.net[146.185.52.133]
> Jun 09 23:37:46 mail smtp/smtpd[4296]: CC868E75AA1E: 
> client=ims-smtp133.persgroep-ops.net[146.185.52.133]
> Jun 09 23:37:47 mail postfix/cleanup[4300]: CC868E75AA1E: 
> message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net>
> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: 
> from=<nore...@mail.trouw.nl>, size=34628, nrcpt=1 (queue active)
> Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: 
> error:0A000126:SSL routines::unexpected eof while 
> reading:ssl/record/rec_layer_s3.c:309:
> Jun 09 23:37:48 mail smtp/smtpd[4296]: disconnect from 
> ims-smtp133.persgroep-ops.net[146.185.52.133] ehlo=2 starttls=1 mail=1 rcpt=1 
> data=1 commands=6

The client disconnected abruptly, indeed manifestly without sending
"QUIT", given the list of commands above (pre and post TLS EHLO, MAIL,
RCPT and DATA).

> main.cf on smtpd tls:
> 
> smtpd_tls_loglevel = 0

I'd recommend "1" rather than "0".

> smtpd_tls_security_level = may

This is correct.

> smtpd_enforce_tls = no
> smtpd_use_tls = yes

These are deprecated and redundant.

> smtpd_tls_exclude_ciphers = SSLv2, 3DES, aNULL, ADH, eNULL, EXPORT, LOW, MD5, 
> SEED, IDEA, RC2

No need to list "aNULL", "ADH", "eNULL", "EXPORT" or "LOW"

> smtpd_tls_eecdh_grade = ultra

This is a bad idea now, the "auto" setting is preferred since Postfix
3.2, and the parameter is ignored since Postfix 3.6, just drop this
from main.cf and use the default.

-- 
    Viktor.

Reply via email to