Re: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

2020-02-07 Thread lists
https://access.redhat.com/solutions/120383

Did you do the poodle block back in the day?

From: hamdi201...@gmail.com
Sent: February 7, 2020 10:37 PM
To: postfix-users@postfix.org
Subject: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

Hi everyone. I have a php contact form, that reports the following postfix error (getting that in maillog file): https://hastepaste.com/view/jr41N

The same applies for, when I send an e-mail to that e-mail address by using Outlook.

Obviously my mail server is having trouble sending e-mails to some servers in public, perhaps the remote e-mail server doesn't have SSL/TLS activated, maybe? But, I don't enforce/force smtp tls, having: smtp_tls_security_level = may  - in my main.cf.

How can I solve this problem from my side?

Thank you.


Re: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

2020-02-07 Thread Viktor Dukhovni
On Sat, Feb 08, 2020 at 09:36:41AM +0300, Andreas X wrote:

> Hi everyone. I have a php contact form, that reports the following postfix
> error (getting that in maillog file): https://hastepaste.com/view/jr41N

It is rude to post links to pastebins.  If you want help, please paste
all the logs for the relevant message to the list, with at least the
destination domain not obfuscated (if at all possible).

-- 
Viktor.


warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

2020-02-07 Thread Andreas X
Hi everyone. I have a php contact form, that reports the following postfix
error (getting that in maillog file): https://hastepaste.com/view/jr41N

The same applies for, when I send an e-mail to that e-mail address by using
Outlook.

Obviously my mail server is having trouble sending e-mails to some servers in
public, perhaps the remote e-mail server doesn't have SSL/TLS activated,
maybe? But, I don't enforce/force smtp tls, having: smtp_tls_security_level
= may  - in my main.cf.

How can I solve this problem from my side?

Thank you.


Re: warning: TLS library problem - messages in log

2018-04-29 Thread Viktor Dukhovni


> On Apr 29, 2018, at 12:06 PM, Dominic Raferd  wrote:
> 
> 
> Thanks Viktor, I will bear this in mind for the future. But even if
> (with your help) I could determine exactly what the problem was for
> these two senders I think there is zero chance they would be
> interested in hearing from me about it.

The effort might be primarily to make sure that there's not an
unexpected problem in the SSL software or settings on your side.

-- 
Viktor.



Re: warning: TLS library problem - messages in log

2018-04-29 Thread Dominic Raferd
On 29 April 2018 at 16:57, Viktor Dukhovni  wrote:
>
>
>> On Apr 29, 2018, at 3:37 AM, Dominic Raferd  wrote:
>>
>> This is a genuine and expected sender (VoIP provider). I am less sure
>> about atlas.net.tr, but it is probably genuine and expected by
>> recipient too. Unwanted ones I have not bothered to report here.
>>
>> I don't require encryption on port 25: smtpd_tls_security_level = may
>
> If you have time to look into this further, you need full-packet
> capture PCAP files.
>
>   # set -- 192.0.2.1 192.0.2.2 # season to taste
>   # filter=; for ip
>     do
>       [ -n "$filter" ] && filter="$filter or "
>       filter="${filter}(tcp and host $ip)"
>     done
>   # tcpdump -s0 -w /var/tmp/tls.pcap $filter

Thanks Viktor, I will bear this in mind for the future. But even if
(with your help) I could determine exactly what the problem was for
these two senders I think there is zero chance they would be
interested in hearing from me about it.


Re: warning: TLS library problem - messages in log

2018-04-29 Thread Viktor Dukhovni


> On Apr 29, 2018, at 3:37 AM, Dominic Raferd  wrote:
> 
> This is a genuine and expected sender (VoIP provider). I am less sure
> about atlas.net.tr, but it is probably genuine and expected by
> recipient too. Unwanted ones I have not bothered to report here.
> 
> I don't require encryption on port 25: smtpd_tls_security_level = may

If you have time to look into this further, you need full-packet
capture PCAP files.

  # set -- 192.0.2.1 192.0.2.2 # season to taste
  # filter=; for ip
    do
      [ -n "$filter" ] && filter="$filter or "
      filter="${filter}(tcp and host $ip)"
    done
  # tcpdump -s0 -w /var/tmp/tls.pcap $filter

-- 
Viktor.



Re: warning: TLS library problem - messages in log

2018-04-29 Thread Dominic Raferd
On 29 April 2018 at 08:35, Viktor Dukhovni  wrote:
>
>
>> On Apr 29, 2018, at 3:28 AM, @lbutlr  wrote:
>>
>> It appears that Swiss domain uses Google for their email:
>>
>> finarea.ch.   21599   IN  MX  20 alt2.aspmx.l.google.com.
>> finarea.ch.   21599   IN  MX  30 aspmx2.googlemail.com.
>> finarea.ch.   21599   IN  MX  30 aspmx3.googlemail.com.
>> finarea.ch.   21599   IN  MX  30 aspmx4.googlemail.com.
>> finarea.ch.   21599   IN  MX  30 aspmx5.googlemail.com.
>> finarea.ch.   21599   IN  MX  10 aspmx.l.google.com.
>> finarea.ch.   21599   IN  MX  20 alt1.aspmx.l.google.com.
>> finarea.ch.   21599   IN  TXT "v=spf1 include:aspmx.googlemail.com a:spf.finarea.ch ~all"
>>
>>
>> So the smtp1 looks suspicious.
>
> No. Fairly typical.

This is a genuine and expected sender (VoIP provider). I am less sure
about atlas.net.tr, but it is probably genuine and expected by
recipient too. Unwanted ones I have not bothered to report here.

I don't require encryption on port 25: smtpd_tls_security_level = may


Re: warning: TLS library problem - messages in log

2018-04-29 Thread Viktor Dukhovni


> On Apr 29, 2018, at 3:28 AM, @lbutlr  wrote:
> 
> It appears that Swiss domain uses Google for their email:
> 
> finarea.ch.   21599   IN  MX  20 alt2.aspmx.l.google.com.
> finarea.ch.   21599   IN  MX  30 aspmx2.googlemail.com.
> finarea.ch.   21599   IN  MX  30 aspmx3.googlemail.com.
> finarea.ch.   21599   IN  MX  30 aspmx4.googlemail.com.
> finarea.ch.   21599   IN  MX  30 aspmx5.googlemail.com.
> finarea.ch.   21599   IN  MX  10 aspmx.l.google.com.
> finarea.ch.   21599   IN  MX  20 alt1.aspmx.l.google.com.
> finarea.ch.   21599   IN  TXT "v=spf1 include:aspmx.googlemail.com a:spf.finarea.ch ~all"
> 
> 
> So the smtp1 looks suspicious.

No. Fairly typical.

-- 
Viktor.



Re: warning: TLS library problem - messages in log

2018-04-29 Thread @lbutlr
On 29 Apr 2018, at 01:18, Dominic Raferd  wrote:
> I've now found similar fall-backs for atlas.net.tr (Turkish service
> provider) - same TLS problem 'error:1408A10B:SSL
> routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:'. I
> guess that (in both cases) this is because the incoming client is old
> and can't offer better security than SSL3 - which we reject.


Are you expecting legit mail from these sources? Are you requiring encryption
on port 25 (this is a bad idea)?

My take on SSL3 (or lower) is that these are attempts to force an unsafe
exploitable encryption and that these are not connections from legitimate mail
servers. YMMV.

It appears that Swiss domain uses Google for their email:

finarea.ch. 21599   IN  MX  20 alt2.aspmx.l.google.com.
finarea.ch. 21599   IN  MX  30 aspmx2.googlemail.com.
finarea.ch. 21599   IN  MX  30 aspmx3.googlemail.com.
finarea.ch. 21599   IN  MX  30 aspmx4.googlemail.com.
finarea.ch. 21599   IN  MX  30 aspmx5.googlemail.com.
finarea.ch. 21599   IN  MX  10 aspmx.l.google.com.
finarea.ch. 21599   IN  MX  20 alt1.aspmx.l.google.com.
finarea.ch. 21599   IN  TXT "v=spf1 include:aspmx.googlemail.com a:spf.finarea.ch ~all"


So the smtp1 looks suspicious.


-- 
Moving into the universe
And she's drifting this way and that
Not touching the ground at all
And she's up above the yard


Re: warning: TLS library problem - messages in log

2018-04-29 Thread Dominic Raferd
On 28 April 2018 at 15:43, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
>
>> On Apr 28, 2018, at 3:40 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote:
>>
>> So far I have one genuine sender that is failing TLS, but upon
>> checking I see that it falls back to cleartext.
>
> It'd be interesting to know why that particular sender is having
> trouble.  Can you provide more detail?
>
> Some senders have SMTP client implementations that refuse to complete
> a STARTTLS handshake when they can't verify the server's certificate
> chain, but are then willing to send in the clear.  The logic of
> downgrading from unauthenticated encryption to unauthenticated cleartext
> rather escapes me. :-)
>
>   
> http://postfix.1071664.n5.nabble.com/Another-yahoo-problem-tp89756p89769.html

Here are the relevant log entries:
2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: connect from smtp1.finarea.ch[77.72.174.188]
2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: SSL_accept error from smtp1.finarea.ch[77.72.174.188]: -1
2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: lost connection after STARTTLS from smtp1.finarea.ch[77.72.174.188]
2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: disconnect from smtp1.finarea.ch[77.72.174.188] ehlo=1 starttls=0/1 commands=1/2
2018-03-26 00:29:23 ourdomain postfix/smtpd[6043]: connect from smtp1.finarea.ch[77.72.174.188]
2018-03-26 00:29:23 ourdomain postfix/smtpd[6043]: 884A860167: client=smtp1.finarea.ch[77.72.174.188]
2018-03-26 00:29:23 ourdomain postfix/cleanup[6091]: 884A860167: message-id=<61f7f420541b2be8ac51dbe240ff2...@18185.co.uk>
2018-03-26 00:29:23 ourdomain opendmarc[1566]: 884A860167: SPF(mailfrom): donotre...@18185.co.uk fail
2018-03-26 00:29:23 ourdomain postfix/smtpd[6043]: disconnect from smtp1.finarea.ch[77.72.174.188] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
...continues to successful delivery...

I've now found similar fall-backs for atlas.net.tr (Turkish service
provider) - same TLS problem 'error:1408A10B:SSL
routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:'. I
guess that (in both cases) this is because the incoming client is old
and can't offer better security than SSL3 - which we reject.

My TLS settings are pretty standard:
# postconf -n|grep smtpd_tls|grep -v _file
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may


Re: warning: TLS library problem - messages in log

2018-04-28 Thread Viktor Dukhovni


> On Apr 28, 2018, at 3:40 AM, Dominic Raferd  wrote:
> 
> So far I have one genuine sender that is failing TLS, but upon
> checking I see that it falls back to cleartext.

It'd be interesting to know why that particular sender is having
trouble.  Can you provide more detail?

Some senders have SMTP client implementations that refuse to complete
a STARTTLS handshake when they can't verify the server's certificate
chain, but are then willing to send in the clear.  The logic of
downgrading from unauthenticated encryption to unauthenticated cleartext
rather escapes me. :-)

  http://postfix.1071664.n5.nabble.com/Another-yahoo-problem-tp89756p89769.html


-- 
Viktor.



Re: warning: TLS library problem - messages in log

2018-04-28 Thread Dominic Raferd
On 27 April 2018 at 17:17, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
>
>> On Apr 27, 2018, at 2:22 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote:
>>
>> $ grep -a "warning: TLS library problem" /var/log/mail.log.1 /var/log/mail.log|grep -o "error:.*"|sort|uniq -c|sort -nr
>> 12 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362:
>> 11 error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
>> 10 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
>>  2 error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext:s3_srvr.c:1239:
>>
>> Should I be concerned about these messages?
>
> To know the answer you need to consider which clients are running into
> this, and whether:
>
>   * These clients are just network scanners and never send email
>   * Are spammers and would send email if they could, but you're happy for
>     them to fail
>   * Are legitimate email senders, and fall back to cleartext.  In which case
>     you'd perhaps rather they use TLS, and should investigate further.
>   * Are legitimate email senders, and don't fall back to cleartext (you don't
>     see a message in the clear from them shortly after each TLS failure).
>     In which case you're losing some email and really should investigate.
>
> The errors broadly suggest use of unsupported TLS protocol versions or
> unsupported TLS features, or simply malformed handshake messages.  That
> would be expected from scanners, but can also happen if you're configured
> too strictly, for example, to exclude everything below TLSv1.2.
>
> So if you want to be sure, you'll need to do some further log analysis,
> and perhaps collect some PCAP files with full packet captures for any
> clients or netblocks that exhibit the symptoms repeatedly.

Thanks Viktor for that very clear explanation. I will start using
(something like) this for monitoring my logs:

sed -n '/SSL_accept error/{N;/warning: TLS library problem/{s/.* from \([^:]*\).*/\1/;/unknown\[/d;/shodan\.io\[/d;p}}' /var/log/mail.log

So far I have one genuine sender that is failing TLS, but upon
checking I see that it falls back to cleartext.


Re: warning: TLS library problem - messages in log

2018-04-27 Thread Viktor Dukhovni


> On Apr 27, 2018, at 2:22 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote:
> 
> $ grep -a "warning: TLS library problem" /var/log/mail.log.1 /var/log/mail.log|grep -o "error:.*"|sort|uniq -c|sort -nr
> 12 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362:
> 11 error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
> 10 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
>  2 error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext:s3_srvr.c:1239:
> 
> Should I be concerned about these messages?

To know the answer you need to consider which clients are running into
this, and whether:

  * These clients are just network scanners and never send email
  * Are spammers and would send email if they could, but you're happy for
    them to fail
  * Are legitimate email senders, and fall back to cleartext.  In which case
    you'd perhaps rather they use TLS, and should investigate further.
  * Are legitimate email senders, and don't fall back to cleartext (you don't
    see a message in the clear from them shortly after each TLS failure).
    In which case you're losing some email and really should investigate.

The errors broadly suggest use of unsupported TLS protocol versions or
unsupported TLS features, or simply malformed handshake messages.  That
would be expected from scanners, but can also happen if you're configured
too strictly, for example, to exclude everything below TLSv1.2.

So if you want to be sure, you'll need to do some further log analysis,
and perhaps collect some PCAP files with full packet captures for any
clients or netblocks that exhibit the symptoms repeatedly.

-- 
Viktor.
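
The log analysis described in the message above (does a message in the clear follow each TLS failure from the same client?), as an added example that is not part of the original thread. It assumes one log entry per line in the timestamp format Dominic's excerpt uses and `smtpd_tls_loglevel = 1`; the function name `triage`, the outcome labels and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumes one log entry per line, timestamps as in this thread's excerpt, and
# smtpd_tls_loglevel = 1 so that successful handshakes are logged.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
CLIENT = r"(\S+\[[0-9A-Fa-f.:]+\])"
CONNECT = re.compile("^connect from " + CLIENT)
TLS_FAIL = re.compile("^SSL_accept error from " + CLIENT)
TLS_OK = re.compile("TLS connection established from " + CLIENT)
QUEUED = re.compile("^[0-9A-Za-z]+: client=" + CLIENT)

# Constructed sample (documentation addresses), not taken from a real log.
SAMPLE_LOG = """\
2018-03-26 00:29:22 mx postfix/smtpd[6043]: connect from mail.example.net[192.0.2.10]
2018-03-26 00:29:22 mx postfix/smtpd[6043]: SSL_accept error from mail.example.net[192.0.2.10]: -1
2018-03-26 00:29:22 mx postfix/smtpd[6043]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
2018-03-26 00:29:23 mx postfix/smtpd[6043]: connect from mail.example.net[192.0.2.10]
2018-03-26 00:29:23 mx postfix/smtpd[6043]: 884A860167: client=mail.example.net[192.0.2.10]
2018-03-26 01:02:03 mx postfix/smtpd[6100]: connect from unknown[198.51.100.7]
2018-03-26 01:02:03 mx postfix/smtpd[6100]: SSL_accept error from unknown[198.51.100.7]: -1
2018-03-26 02:00:00 mx postfix/smtpd[6200]: connect from relay.example.org[203.0.113.5]
2018-03-26 02:00:00 mx postfix/smtpd[6200]: SSL_accept error from relay.example.org[203.0.113.5]: -1
2018-03-26 02:00:05 mx postfix/smtpd[6200]: connect from relay.example.org[203.0.113.5]
2018-03-26 02:00:05 mx postfix/smtpd[6200]: Anonymous TLS connection established from relay.example.org[203.0.113.5]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2018-03-26 02:00:06 mx postfix/smtpd[6200]: 9A1B2C3D4E: client=relay.example.org[203.0.113.5]
""".splitlines()


def triage(lines, window=timedelta(minutes=10)):
    """Return {client: Counter(outcome)} for every client with a TLS failure."""
    tls_pids = set()                 # smtpd pids whose current session is encrypted
    failures = defaultdict(list)     # client -> [time of failed handshake]
    deliveries = defaultdict(list)   # client -> [(time, was_encrypted)]
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if CONNECT.match(msg):
            tls_pids.discard(pid)    # new session on a reused smtpd process
        elif TLS_OK.search(msg):
            tls_pids.add(pid)
        elif (hit := TLS_FAIL.match(msg)):
            failures[hit.group(1)].append(when)
        elif (hit := QUEUED.match(msg)):
            deliveries[hit.group(1)].append((when, pid in tls_pids))
    report = {}
    for client, times in failures.items():
        outcomes = Counter()
        for failed_at in times:
            later = [enc for at, enc in deliveries[client]
                     if timedelta(0) <= at - failed_at <= window]
            if not later:
                outcomes["no_mail"] += 1            # scanner, or mail is being lost
            elif later[0]:
                outcomes["tls_retry_ok"] += 1       # retried and delivered over TLS
            else:
                outcomes["cleartext_fallback"] += 1
        report[client] = outcomes
    return report


if __name__ == "__main__":
    for client, outcomes in triage(SAMPLE_LOG).items():
        print(client, dict(outcomes))
```

A `no_mail` result for a client that is a known, expected sender is the case where mail may be getting lost; for `unknown[...]` clients it is what a scanner looks like.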



Re: warning: TLS library problem - messages in log

2018-04-27 Thread Dominic Raferd
On 27 April 2018 at 08:57, Poliman - Serwis <ser...@poliman.pl> wrote:

> 2018-04-27 8:22 GMT+02:00 Dominic Raferd <domi...@timedicer.co.uk>:
>>
>> I have always received a number of warning messages (from
>> postfix/smtpd) stating 'TLS library problem' in my mail logs and I
>> think they are always followed by a dropped incoming connection. I
>> have hitherto assumed that they reflect a badly-configured (probably
>> spamming) foreign client/host, but the messages could be read as
>> implying an internal problem on my mailserver. Which is true?
>>
>> The details of the reported error messages over the recent period can
>> be summarised thus:
>>
>> $ grep -a "warning: TLS library problem" /var/log/mail.log.1 /var/log/mail.log|grep -o "error:.*"|sort|uniq -c|sort -nr
>>  12 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362:
>>  11 error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
>>  10 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
>>   2 error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext:s3_srvr.c:1239:
>>
>> Should I be concerned about these messages?
> I have almost same logs. Some time ago I asked people on this mailing list.
> They said that somebody tries to connect to your server but he can't because
> of too old ssl he uses. You can ignore it.


Thanks for your reply. In the absence of comments to the contrary I
take that as canonical. I still think the TLS library problem warning
message is confusing, but at least I can stop worrying about it.


Re: warning: TLS library problem - messages in log

2018-04-27 Thread Poliman - Serwis
I have almost same logs. Some time ago I asked people on this mailing list.
They said that somebody tries to connect to your server but he can't
because of too old ssl he uses. You can ignore it.

2018-04-27 8:22 GMT+02:00 Dominic Raferd <domi...@timedicer.co.uk>:

> I have always received a number of warning messages (from
> postfix/smtpd) stating 'TLS library problem' in my mail logs and I
> think they are always followed by a dropped incoming connection. I
> have hitherto assumed that they reflect a badly-configured (probably
> spamming) foreign client/host, but the messages could be read as
> implying an internal problem on my mailserver. Which is true?
>
> The details of the reported error messages over the recent period can
> be summarised thus:
>
> $ grep -a "warning: TLS library problem" /var/log/mail.log.1 /var/log/mail.log|grep -o "error:.*"|sort|uniq -c|sort -nr
>  12 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362:
>  11 error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
>  10 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
>   2 error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext:s3_srvr.c:1239:
>
> Should I be concerned about these messages?
>



-- 

*Best Regards*
*Piotr Bracha*


warning: TLS library problem - messages in log

2018-04-27 Thread Dominic Raferd
I have always received a number of warning messages (from
postfix/smtpd) stating 'TLS library problem' in my mail logs and I
think they are always followed by a dropped incoming connection. I
have hitherto assumed that they reflect a badly-configured (probably
spamming) foreign client/host, but the messages could be read as
implying an internal problem on my mailserver. Which is true?

The details of the reported error messages over the recent period can
be summarised thus:

$ grep -a "warning: TLS library problem" /var/log/mail.log.1 /var/log/mail.log|grep -o "error:.*"|sort|uniq -c|sort -nr
 12 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362:
 11 error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
 10 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
  2 error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext:s3_srvr.c:1239:

Should I be concerned about these messages?


Re: warning: TLS library problem

2018-01-25 Thread Matus UHLAR - fantomas

>> On Jan 24, 2018, at 9:25 PM, li...@lazygranch.com wrote:
>>
>> postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL
>> routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
>>
>> Should I be blocking some encryption method? I thought openssl dropped
>> support for the hackable protocols.

On 24.01.18 22:41, Viktor Dukhovni wrote:
> The error message is not what it appears.  The SSLv23 functions are the
> generic layer that handles all protocol versions before the actual protocol
> is determined.

For example, dropping connection or speaking plaintext to it can result in
this kind of error.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."


Re: warning: TLS library problem

2018-01-24 Thread Viktor Dukhovni


> On Jan 24, 2018, at 9:25 PM, li...@lazygranch.com wrote:
> 
> postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
> 
> Should I be blocking some encryption method? I thought openssl dropped
> support for the hackable protocols.

The error message is not what it appears.  The SSLv23 functions are the
generic layer that handles all protocol versions before the actual protocol
is determined.

-- 
Viktor.



warning: TLS library problem

2018-01-24 Thread li...@lazygranch.com
postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:

Should I be blocking some encryption method? I thought openssl dropped
support for the hackable protocols.




warning: TLS library problem: 457:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293:

2011-09-20 Thread Thomas Glanzmann
Hello everyone,
I have a problem receiving e-mails via STARTSSL from the hays mailservers. It
bails out with the following error message. My mailserver is infra.glanzmann.de
and I have no trouble receiving or sending e-mail via startssl to various
mailservers with official or unofficial signed certificates.

Sep 20 13:15:03 infra postfix/smtpd[457]: connect from mail2.hays.de[93.188.241.74]
Sep 20 13:15:03 infra postfix/smtpd[457]: setting up TLS connection from mail2.hays.de[93.188.241.74]
Sep 20 13:15:04 infra postfix/smtpd[457]: SSL_accept error from mail2.hays.de[93.188.241.74]: -1
Sep 20 13:15:04 infra postfix/smtpd[457]: warning: TLS library problem: 457:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293:
Sep 20 13:15:04 infra postfix/smtpd[457]: lost connection after STARTTLS from mail2.hays.de[93.188.241.74]
Sep 20 13:15:04 infra postfix/smtpd[457]: disconnect from mail2.hays.de[93.188.241.74]

Has someone an idea what the problem is here and how I can get a workaround to
not offer startssl to the hays mailservers?

(infra) [~] grep tls /etc/postfix/main.cf
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_cert_file = /etc/ssl/private/postfix-chain.pem
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_security_level = may
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_key_file = /etc/ssl/private/server.key
smtp_tls_cert_file = /etc/ssl/private/postfix-chain.pem
smtp_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_ask_ccert = yes

Cheers,
Thomas


RE: warning: TLS library problem: 457:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293:

2011-09-20 Thread Driessen
On Behalf Of Thomas Glanzmann

> Has someone an idea what the problem is here and how I can get a
> workaround to not offer startssl to the hays mailservers?

smtpd_discard_ehlo_keyword_address_maps



Kind regards

Drießen

-- 
Software  Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: +49 06708 / 660045   Fax: +49 06708 / 661397
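
How the parameter named in the reply above can be used, as an added configuration example that is not part of the original message. The table file name is an assumption; the client address is the one shown in Thomas's log excerpt.

```text
# /etc/postfix/main.cf
smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/discard_ehlo.cidr

# /etc/postfix/discard_ehlo.cidr  (file name is an assumption)
# Do not announce STARTTLS in the EHLO response to this one client address.
# Every other client still sees the keyword. Mail from this address then
# arrives in cleartext, so keep the entry as narrow as possible and remove
# it once the sender's TLS problem is fixed.
93.188.241.74/32    starttls
```

Other hays mail servers would need their own entries; check the log for the addresses that actually show the handshake failure before adding them.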