[pfx] Re: TLS Library Problem

2024-05-12 Thread Jason Hirsh via Postfix-users
>> postfix/smtps/smtpd[39559]: warning: TLS library problem: >> error:14094416:SSL routines:ssl3_read_bytes: >> sslv3 alert certificate unknown: >> /usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621: >> SSL alert number 46: > > The remote client was unable to

[pfx] Re: TLS Library Problem

2024-05-12 Thread Viktor Dukhovni via Postfix-users
On Sat, May 11, 2024 at 11:55:14PM -0400, Jason Hirsh via Postfix-users wrote: > I have the error message > > postfix/smtps/smtpd[39559]: warning: TLS library problem: > error:14094416:SSL routines:ssl3_read_bytes: > sslv3 alert certificate unknown: > /usr/src/crypto/

[pfx] Re: TLS Library Problem

2024-05-12 Thread Matus UHLAR - fantomas via Postfix-users
On 11.05.24 23:55, Jason Hirsh via Postfix-users wrote: Still chasing ssl/tls issue I have the error message postfix/smtps/smtpd[39559]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3

[pfx] TLS Library Problem

2024-05-11 Thread Jason Hirsh via Postfix-users
Still chasing ssl/tls issue I have the error message postfix/smtps/smtpd[39559]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621:SSL alert number 46: I am assuming the ie eher

[pfx] Re: why tls library problem?

2024-02-06 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 06, 2024 at 06:50:28PM +0100, Maurizio Caloro via Postfix-users wrote: > Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: > error:1417A0C1:SSL routines:tls_post_process_client_hello: > no shared cipher:../ssl/statem/statem_srvr.c:2283: This looks like

[pfx] Re: why tls library problem?

2024-02-06 Thread Wietse Venema via Postfix-users
Maurizio Caloro via Postfix-users: > Please, i see often on log file See text after >>>> > Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: > error:1417A0C1:SSL routines:tls_post_process_client_hello:>>>>no shared > cip

[pfx] why tls library problem?

2024-02-06 Thread Maurizio Caloro via Postfix-users
Please, i see often on log file Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2283: Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: error

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 04:22:29PM -0500, E R via Postfix-users wrote: > Thank you so much for the suggestion to review the crypto setting as this > indeed a RedHat based distribution. I confirmed it is set to "default" > which means “The default system-wide cryptographic policy level offers >

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread E R via Postfix-users
The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks identical to what you posted for Fedora. I am not a RHEL expert but I have not seen any references to opt out of the crypto policy on a per application basis. You can customize an existing crypto policy or create your own. I

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread E R via Postfix-users
yy.yyy.yyy.yyy]: -1 > > postfix/smtpd[1234567]: warning: TLS library problem: > > error:0398:digital envelope routines::invalid > digest:crypto/evp/m_sigver.c:343: > > postfix/smtpd[1234567]: warning: TLS library problem: > > error:0A0C0103:SSL routines::internal &

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-06 Thread PGNet Dev via Postfix-users
> I don't even know whether RedHat exposes any mechanisms for applications > to opt-out of crypto policy and use only application-driven OpenSSL > configuration. This is should perhaps be looked into in the Postfix 3.9 > timeframe. from my notes dealing with new Fedora crypto-policies on a number

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users wrote: > You should of course also share > (https://www.postfix.org/DEBUG_README.html#mail) > > $ postconf -nf > $ postconf -Mf > > without any changes in whitespace, including line breaks. Attaching > these

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Ken Peng via Postfix-users
> > > > Because TLS/SSL things are very complex, you have to show us real > settings all. Like me: (yw-0919: inbound, yw-1204: outbound) > [1] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-0919 > [2] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-1204 > And

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Byung-Hee HWANG via Postfix-users
om > xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1 > May 05 16:27:59 zzz postfix/smtpd[1234567]: warning: TLS library problem: > error:0398:digital envelope routines::invalid > digest:crypto/evp/m_sigver.c:343: > May 05 16:27:59 zzz postfix/smtpd[1234567]: warning: TLS library problem: > error

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote: > postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1 > postfix/smtpd[1234567]: warning: TLS library problem: > error:0398:digital envelope routines::invalid > digest:crypto/evp/m_

[pfx] TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread E R via Postfix-users
xxx.xxx.xxx[yyy.yyy.yyy.yyy] May 05 16:27:59 zzz postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1 May 05 16:27:59 zzz postfix/smtpd[1234567]: warning: TLS library problem: error:0398:digital envelope routines::invalid digest:crypto/evp/m_sigver.c:343: May 05 16:27:59 zzz

Re: What is happening here? (TLS Library Problem)

2023-01-19 Thread Wietse Venema
.net[146.185.52.133] > > >>>>>> Jun 09 23:37:47 mail postfix/cleanup[4300]: CC868E75AA1E: > > message-id=< > > 220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net >

Re: What is happening here? (TLS Library Problem)

2023-01-19 Thread Miriam Espana Acebal
1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net > > > >>>>>> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: from=< > nore...@mail.trouw.nl>, size=34628, nrcpt=1 (queue active)

Re: What is happening here? (TLS Library Problem)

2022-06-14 Thread Demi Marie Obenour
.185.52.133] >>>>>> Jun 09 23:37:46 mail smtp/smtpd[4296]: CC868E75AA1E: >>>>>> client=ims-smtp133.persgroep-ops.net[146.185.52.133] >>>>>> Jun 09 23:37:47 mail postfix/cleanup[4300]: CC868E75AA1E: >>>>>> message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3h

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Viktor Dukhovni
On Fri, Jun 10, 2022 at 02:55:24PM +0200, Gerben Wierda wrote: > > which links to https://github.com/openssl/openssl/issues/11378 > > . The > > latter had a breaking fix, backed it out for OpenSSL 1.1.1, but > > kept it in the branch that become

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Viktor Dukhovni
On Fri, Jun 10, 2022 at 07:17:45AM -0400, Wietse Venema wrote: > Specifically, google 0A000126, the first result is PHP issue 8369a > which links to https://github.com/openssl/openssl/issues/11378. The > latter had a breaking fix, backed it out for OpenSSL 1.1.1, but > kept it in the branch that

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Gerben Wierda
] >>>>> Jun 09 23:37:47 mail postfix/cleanup[4300]: CC868E75AA1E: >>>>> message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> >>>>> Jun 09 23:37:48

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Wietse Venema
message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> > > >> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: > > >> from=, size=34628, nrcpt=1 (queue active) >

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Wietse Venema
vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> > >> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: > >> from=, size=34628, nrcpt=1 (queue active) > >> Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: > >> error:0A000

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Gerben Wierda
stfix/qmgr[8801]: CC868E75AA1E: >> from=, size=34628, nrcpt=1 (queue active) >> Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: >> error:0A000126:SSL routines::unexpected eof while >> reading:ssl/record/rec_layer_s3.c:309: >> Jun 09 23:37:48 m

Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Viktor Dukhovni
sgroep-ops.net> > Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: > from=, size=34628, nrcpt=1 (queue active) > Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: > error:0A000126:SSL routines::unexpected eof while > reading:ssl/record/rec_layer_s3.c:309: > Ju

Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Wietse Venema
E: > message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> > Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: > from=, size=34628, nrcpt=1 (queue active) > Jun 09 23:37:48 mail smtp/smtpd[4296]:

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 10:55:50PM +0200, Steffen Nurpmeso wrote: > # That one is for client certificates! > #smtpd_tls_CAfile = /etc/dovecot/cert.pem The "smtpd_tls_CAfile" is unused bloat unless you solicit client certificates, and even/especially then should NOT be the standard WebPKI CA

What is happening here? (TLS Library Problem)

2022-06-09 Thread Gerben Wierda
739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: from=, size=34628, nrcpt=1 (queue active) Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Steffen Nurpmeso wrote in <20220609205550.kbvci%stef...@sdaoden.eu>: ... |.. But .. in fact postfix's TLS configuration regarding CAfile |made me appear so foolish i kept | | # That one is for client certificates! | #smtpd_tls_CAfile = /etc/dovecot/cert.pem | |in my configuration. I

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Viktor Dukhovni wrote in : |On Thu, Jun 09, 2022 at 07:54:56PM +0200, Bastian Blank wrote: |> On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: |>> [also there is |>> smtpd_tls_mandatory_exclude_ciphers = |>> aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, |>>

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 07:54:56PM +0200, Bastian Blank wrote: > On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: > > [also there is > > smtpd_tls_mandatory_exclude_ciphers = > > aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, > > EDH-DSS-DES-CBC3-SHA,

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Bastian Blank
On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: > [also there is > smtpd_tls_mandatory_exclude_ciphers = > aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, > CBC3-SHA > but i definitely should put more

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 06:47:10PM +0200, Benny Pedersen wrote: > On 2022-06-09 17:13, Linda Pagillo wrote: > > Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours > > of staring at the screen. Josef.. THANK YOU. > > >> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 >

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Benny Pedersen wrote in <37a797bed4aeb5c01b75c262ba0fe...@junc.eu>: |On 2022-06-09 17:13, Linda Pagillo wrote: |> Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours |> of staring at the screen. Josef.. THANK YOU. | |>> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Benny Pedersen
On 2022-06-09 17:13, Linda Pagillo wrote: Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours of staring at the screen. Josef.. THANK YOU. smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 tlsv1.1 is more weak than tlsv1, so keep tlsv1

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Matus UHLAR - fantomas
smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 On 09.06.22 16:41, Josef Vybíhal wrote: By this you basically DISABLED all tls protocols. The ! means "not". Try this: smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 no, try this:

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Bill Cole
: TLS library problem: error:141FC044:SSL routines:tls_setup_handshake:internal error:../ssl/statem/statem_lib.c:109: Jun 8 17:16:52 g1 postfix/smtpd[2153672]: lost connection after STARTTLS from mail-pl1-f180.google.com[209.85.214.180] Jun 8 17:16:52 g1 postfix/smtpd[2153672]: disconnect from

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Linda Pagillo
Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours of staring at the screen. Josef.. THANK YOU. Fixed! :) On Thu, Jun 9, 2022 at 9:41 AM Josef Vybíhal wrote: > Hi, > > > smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 > > By this you basically DISABLED

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Josef Vybíhal
Hi, > smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 By this you basically DISABLED all tls protocols. The ! means "not". Try this: smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 You can use

TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Linda Pagillo
.google.com[209.85.214.180] Jun 8 17:16:52 g1 postfix/smtpd[2153672]: SSL_accept error from mail-pl1-f180.google.com[209.85.214.180]: -1 Jun 8 17:16:52 g1 postfix/smtpd[2153672]: warning: TLS library problem: error:141FC044:SSL routines:tls_setup_handshake:internal error:../ssl/statem/statem_lib.c

Re: TLS library problem: no shared cipher

2020-09-22 Thread Markus E.
600:3c04::f03c:91ff:feea:d4d]:25: -1 posttls-finger: warning: TLS library problem: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40: I'm running Postfix 3.6-20200830 compiled with openssl-1.1.1g. Using Let's Encrypt certifi

Re: TLS library problem: no shared cipher

2020-09-22 Thread Markus E.
On Tue, 22 Sep 2020, Herbert J. Skuhra wrote: On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote: Is it possible to not announce STARTTLS to some clients? http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps Thank you! Problem circumvented but not solved

Re: TLS library problem: no shared cipher

2020-09-22 Thread Viktor Dukhovni
cept error from > dragon.trusteddomain.org[208.69.40.156]: -1 > Sep 22 13:11:25 postfix/smtpd[21000]: warning: TLS library problem: > error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared > cipher:ssl/statem/statem_srvr.c:2284: > Sep 22 13:11:25 postfix/smtpd[21000]: lost

Re: TLS library problem: no shared cipher

2020-09-22 Thread Herbert J. Skuhra
On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote: > > Is it possible to not announce STARTTLS to some clients? http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps -- Herbert

TLS library problem: no shared cipher

2020-09-22 Thread Markus E.
]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2284: Sep 22 13:11:25 postfix/smtpd[21000]: lost connection after STARTTLS from dragon.trusteddomain.org[208.69.40.156] Sep 22 13:11:25 postfix/smtpd[21000]: disconnect

Re: TLS library problem

2020-05-15 Thread Linkcheck
Thank you for that, Wietse. I'm inclined to agree that talktalk is at fault here, allowing a second try to succeed. Has anyone here found this problem with talktalk? -- Dave Stiles

Re: TLS library problem

2020-05-15 Thread Wietse Venema
Linkcheck: > Thank you for your response, Wietse. Apologies for the delay in my > reply. I read the document you suggested and noted the possible scenario > but cannot ascribe it to this situation. > > I have been finding out a bit more about the problem. > > The sender and his son have been

Re: TLS library problem

2020-05-13 Thread Wietse Venema
Linkcheck: > May 13 12:16:25 BRISTOLWEB postfix/submission/smtpd[12960]: warning: TLS > library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption > failed or bad record mac:s3_pkt.c:532: Choose one or more. 1: broken TCP or broken proxy. The TCP content was

TLS library problem

2020-05-13 Thread Linkcheck
[12927]: ACA963200DC: message-id= May 13 12:16:25 BRISTOLWEB postfix/submission/smtpd[12960]: warning: TLS library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:532: May 13 12:16:25 BRISTOLWEB postfix/submission/smtpd[12960]: lost connection after

Re: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

2020-02-07 Thread lists
? From: hamdi201...@gmail.com Sent: February 7, 2020 10:37 PM To: postfix-users@postfix.org Subject: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol? Hi everyone

Re: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

2020-02-07 Thread Viktor Dukhovni
On Sat, Feb 08, 2020 at 09:36:41AM +0300, Andreas X wrote: > Hi everyone. I have a php contact form, that reports the following postfix > error (getting that in maillog file): https://hastepaste.com/view/jr41N It is rude to post links to pastebins. If you want help, please paste all the logs

warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

2020-02-07 Thread Andreas X
Hi everyone. I have a php contact form, that reports the following postfix error (getting that in maillog file): https://hastepaste.com/view/jr41N The same applies for, when I send an e-mail to that e-mail address by using Outlook. Obviously my mail server having troubles sending e-mails to some

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Viktor Dukhovni
> On Apr 29, 2018, at 12:06 PM, Dominic Raferd wrote: > > > Thanks Viktor, I will bear this in mind for the future. But even if > (with your help) I could determine exactly what the problem was for > these two senders I think there is zero chance they would be >

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Dominic Raferd
On 29 April 2018 at 16:57, Viktor Dukhovni wrote: > > >> On Apr 29, 2018, at 3:37 AM, Dominic Raferd wrote: >> >> This is a genuine and expected sender (VoIP provider). I am less sure >> about atlas.net.tr, but it is probably genuine and

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Viktor Dukhovni
> On Apr 29, 2018, at 3:37 AM, Dominic Raferd wrote: > > This is a genuine and expected sender (VoIP provider). I am less sure > about atlas.net.tr, but it is probably genuine and expected by > recipient too. Unwanted ones I have not bothered to report here. > > I

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Dominic Raferd
On 29 April 2018 at 08:35, Viktor Dukhovni wrote: > > >> On Apr 29, 2018, at 3:28 AM, @lbutlr wrote: >> >> It appears that Swiss domain uses Google for their email: >> >> finarea.ch. 21599 IN MX 20 alt2.aspmx.l.google.com. >>

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Viktor Dukhovni
> On Apr 29, 2018, at 3:28 AM, @lbutlr wrote: > > It appears that Swiss domain uses Google for their email: > > finarea.ch. 21599 IN MX 20 alt2.aspmx.l.google.com. > finarea.ch. 21599 IN MX 30 aspmx2.googlemail.com. > finarea.ch.

Re: warning: TLS library problem - messages in log

2018-04-29 Thread @lbutlr
On 29 Apr 2018, at 01:18, Dominic Raferd wrote: > I've now found similar fall-backs for atlas.net.tr (Turkish service > provider) - same TLS problem 'error:1408A10B:SSL > routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:'. I > guess that (in both cases)

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Dominic Raferd
entries: 2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: connect from smtp1.finarea.ch[77.72.174.188] 2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: SSL_accept error from smtp1.finarea.ch[77.72.174.188]: -1 2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: warning: TLS library problem: error:

Re: warning: TLS library problem - messages in log

2018-04-28 Thread Viktor Dukhovni
> On Apr 28, 2018, at 3:40 AM, Dominic Raferd wrote: > > So far I have one genuine sender that is failing TLS, but upon > checking I see that it falls back to cleartext. It'd be interesting to know why that particular sender is having trouble. Can you provide more

Re: warning: TLS library problem - messages in log

2018-04-28 Thread Dominic Raferd
On 27 April 2018 at 17:17, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > >> On Apr 27, 2018, at 2:22 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote: >> >> $ grep -a "warning: TLS library problem" /var/log/mail.log.1 >> /var/l

Re: warning: TLS library problem - messages in log

2018-04-27 Thread Viktor Dukhovni
> On Apr 27, 2018, at 2:22 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote: > > $ grep -a "warning: TLS library problem" /var/log/mail.log.1 > /var/log/mail.log|grep -o "error:.*"|sort|uniq -c|sort -nr > 12 error:1408F10B:SSL routines:SSL3_GET_R

Re: warning: TLS library problem - messages in log

2018-04-27 Thread Dominic Raferd
On 27 April 2018 at 08:57, Poliman - Serwis <ser...@poliman.pl> wrote: > 2018-04-27 8:22 GMT+02:00 Dominic Raferd <domi...@timedicer.co.uk>: >> >> I have always received a number of warning messages (from >> postfix/smtpd) stating 'TLS library proble

Re: warning: TLS library problem - messages in log

2018-04-27 Thread Poliman - Serwis
received a number of warning messages (from > postfix/smtpd) stating 'TLS library problem' in my mail logs and I > think they are always followed by a dropped incoming connection. I > have hitherto assumed that they reflect a badly-configured (probably > spamming) foreign client/host, but the m

warning: TLS library problem - messages in log

2018-04-27 Thread Dominic Raferd
I have always received a number of warning messages (from postfix/smtpd) stating 'TLS library problem' in my mail logs and I think they are always followed by a dropped incoming connection. I have hitherto assumed that they reflect a badly-configured (probably spamming) foreign client/host

Re: warning: TLS library problem

2018-01-25 Thread Matus UHLAR - fantomas
On Jan 24, 2018, at 9:25 PM, li...@lazygranch.com wrote: postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640: Should I be blocking some encryption method? I thought openssl dropped support for the hackable

Re: warning: TLS library problem

2018-01-24 Thread Viktor Dukhovni
> On Jan 24, 2018, at 9:25 PM, li...@lazygranch.com wrote: > > postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL > routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640: > > Should I be blocking some encryption method? I thought openssl

warning: TLS library problem

2018-01-24 Thread li...@lazygranch.com
postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640: Should I be blocking some encryption method? I thought openssl dropped support for the hackable protocols.

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-26 Thread lists
>> thanks, both were from same no hostname IP address >> >> # host 125.212.217.214 >> Host 214.217.212.125.in-addr.arpa. not found: 3(NXDOMAIN) > > According to "whois" that's an IP address in Vietnam... > well, we have about 20+ users located in Bangkok (whilst server is in Aus), so I'd guess

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread lists
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > > With Postfix 2.11 or later, just leave this empty, session tickets work > better. Viktor, thanks does 'leave empty' means have it present on main.cf up to '=' ? as so ? smtpd_tls_session_cache_database =

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread Viktor Dukhovni
> On Dec 26, 2017, at 1:39 AM, li...@sbt.net.au wrote: Overall quite standard. Nothing to worry about. > smtpd_tls_session_cache_timeout = 36000s 10 hours is perhaps too long to be useful. Just let the default stand. > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread Viktor Dukhovni
> On Dec 26, 2017, at 1:34 AM, li...@sbt.net.au wrote: > >> >> Generally no. There are some SMTP clients that both TLS, s/both/botch/ Hope that's less confusing. >> they'll either retry in the clear, or they are likely shoddy >> spamware. >> Other log messages will show the IP

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread lists
>> On Dec 25, 2017, at 8:57 PM, li...@sbt.net.au wrote: > This of course assumes you've not configured particularly exotic TLS > settings on your end. Viktor, thanks again, I hope it's not exotic, not to my knowledge, anyhow: that that show what it is ? suggestions and corrections appreciated

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread lists
from unknown[125.212.217.214] ehlo=1 starttls=1 commands=2 Dec 25 08:39:24 geko postfix/smtpd[9701]: SSL_accept error from unknown[125.212.217.214]: -1 Dec 25 08:39:24 geko postfix/smtpd[9701]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread Viktor Dukhovni
> On Dec 25, 2017, at 8:57 PM, li...@sbt.net.au wrote: > > anything to worry about ? Generally no. There are some SMTP clients that both TLS, they'll either retry in the clear, or they are likely shoddy spamware. > # grep 'TLS library problem' /var/log/maillog* > /var/log/ma

TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread lists
whilst installing/configuring 2.1 to 3.2.x migration (using 2.1 main/master on 3.2 install), noticed these errors: anything to worry about ? # grep 'TLS library problem' /var/log/maillog* /var/log/maillog:Dec 25 08:39:21 geko postfix/smtpd[9701]: warning: TLS library problem: error:140760FC:SSL

Re: SSL_accept error/TLS library problem

2016-03-08 Thread Viktor Dukhovni
On Tue, Mar 08, 2016 at 10:10:13AM +0100, Thomas Keller wrote: > postfix/smtpd[2608]: connect from 61-216-2-13.HINET-IP.hinet.net[61.216.2.13] A compromised botnet machine is connecting to your Postfix server. > postfix/smtpd[2608]: warning: TLS library problem: 2608:error:1408F1

SSL_accept error/TLS library problem

2016-03-08 Thread Thomas Keller
could somebody please explain what these errors mean ? postfix/smtpd[2608]: connect from 61-216-2-13.HINET-IP.hinet.net[61.216.2.13] postfix/smtpd[2608]: SSL_accept error from 61-216-2-13.HINET-IP.hinet.net[61.216.2.13]: -1 postfix/smtpd[2608]: warning: TLS library problem: 2608:error

Re: TLS library problem

2015-02-19 Thread steve
2 of large size or quantity; generous or abundant:   Definitely meant as above. Steve

Re: TLS library problem

2015-02-19 Thread Viktor Dukhovni
On Thu, Feb 19, 2015 at 04:29:51PM -, st...@thornet.co.uk wrote: Thanks very much for your fulsome response. I'll do some more checking Note: :-) fulsome: adjective 1 complimentary or flattering to an excessive degree: 'the press are embarrassingly fulsome in their

TLS library problem

2015-02-19 Thread steve
We have lots of these in the logs warning: TLS library problem: 15696:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1256:SSL alert number 46: Should I be worried ? Thanks Steve

Re: TLS library problem

2015-02-19 Thread li...@rhsoft.net
On 19.02.2015 at 16:53, st...@thornet.co.uk wrote: We have lots of these in the logs warning: TLS library problem: 15696:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1256:SSL alert number 46: Should I be worried? without the related loglines above

Re: TLS library problem

2015-02-19 Thread Viktor Dukhovni
On Thu, Feb 19, 2015 at 03:53:13PM -, st...@thornet.co.uk wrote: We have lots of these in the logs warning: TLS library problem:15696:error:14094416: SSL routines:SSL3_READ_BYTES: sslv3 alert certificate unknown: s3_pkt.c:1256: SSL alert number 46: Should I be worried You

Re: TLS library problem

2015-02-19 Thread steve
* This is logged by your smtpd(8) server. * A small set of organizations operate remote SMTP clients that trigger this warning when sending email to you. Most inbound mail uses TLS without generating said warning. [snip] Viktor Thanks very much for your fulsome

Re: TLS Library Problem

2015-02-01 Thread LuKreme
On Jan 31, 2015, at 7:15 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Sat, Jan 31, 2015 at 05:16:33PM -0700, LuKreme wrote: The start was just date stamp info and PID: Jan 31 01:52:10 mail postfix/smtpd[62297]: warning: TLS library problem: error:14094412:SSL

Re: TLS Library Problem

2015-02-01 Thread DTNX Postmaster
]: warning: TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1293:SSL alert number 42: Which confirms that the problem is with your SMTP server as expected. It does? I don’t know what in the error (especially with the addition of Jan 31 01:52

Re: TLS Library Problem

2015-02-01 Thread Viktor Dukhovni
On Sun, Feb 01, 2015 at 02:13:46AM -0700, LuKreme wrote: Which confirms that the problem is with your SMTP server as expected. It does? Sorry, confirms that the problem is observed on the server side. The evidence to conclude which side is not there. However, both Postfix and OpenSSL are

Re: TLS Library Problem

2015-02-01 Thread li...@rhsoft.net
On 01.02.2015 at 22:26, LuKreme wrote: On 01 Feb 2015, at 05:41 , DTNX Postmaster postmas...@dtnx.net wrote: By the way, CA-signed certificates start at less than $10/year, so if you ever do run into an issue which might be resolved by getting one, and your configuration isn't too complex,

Re: TLS Library Problem

2015-02-01 Thread Viktor Dukhovni
On Sun, Feb 01, 2015 at 11:42:30PM +0100, li...@rhsoft.net wrote: For MSAs offering service to Joe Public, sure you'll want a CA-issued cert. I only referred to the interval between expiry is long enough that I get to learn everything over from first principles every time I have to replace

Re: TLS Library Problem

2015-02-01 Thread LuKreme
On 01 Feb 2015, at 05:41 , DTNX Postmaster postmas...@dtnx.net wrote: By the way, CA-signed certificates start at less than $10/year, so if you ever do run into an issue which might be resolved by getting one, and your configuration isn't too complex, I would suggest spending that little bit

Re: TLS Library Problem

2015-02-01 Thread Viktor Dukhovni
On Sun, Feb 01, 2015 at 10:32:53PM +0100, li...@rhsoft.net wrote: just make it once in your lifetime, create a template for default params and a script with minimal maintainance like for hash-method and keylength - the script below in any case builds a self signed PEM with key and cert as well

Re: TLS Library Problem

2015-02-01 Thread li...@rhsoft.net
On 01.02.2015 at 23:15, Viktor Dukhovni wrote: On Sun, Feb 01, 2015 at 10:32:53PM +0100, li...@rhsoft.net wrote: just make it once in your lifetime, create a template for default params and a script with minimal maintainance like for hash-method and keylength - the script below in any case

Re: TLS Library Problem

2015-01-31 Thread Viktor Dukhovni
On Sat, Jan 31, 2015 at 03:34:35PM -0700, LuKreme wrote: Since I am not seeing a load of these, I am assuming this is indicating the error is on the other end? TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1293:SSL alert number 42

Re: TLS Library Problem

2015-01-31 Thread Viktor Dukhovni
On Sat, Jan 31, 2015 at 05:16:33PM -0700, LuKreme wrote: The start was just date stamp info and PID: Jan 31 01:52:10 mail postfix/smtpd[62297]: warning: TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1293:SSL alert number 42: Which

TLS Library Problem

2015-01-31 Thread LuKreme
Since I am not seeing a load of these, I am assuming this is indicating the error is on the other end? TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1293:SSL alert number 42: -- 'There has to be enough light,' he panted, 'to see

Re: TLS Library Problem

2015-01-31 Thread LuKreme
On Jan 31, 2015, at 4:28 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Sat, Jan 31, 2015 at 03:34:35PM -0700, LuKreme wrote: Since I am not seeing a load of these, I am assuming this is indicating the error is on the other end? TLS library problem: error:14094412:SSL

RE: TLS library problem - handshake failure

2014-08-26 Thread robin.wakefield
unknown_local_recipient_reject_code = 550 virtual_mailbox_limit = 6000 Regards, Robin From: Wakefield, Robin Sent: 23 August 2014 00:24 To: postfix-users@postfix.org Subject: TLS library problem - handshake failure Hi, We recently upgraded from Postfix 2.5.5 to 2.8.17 and OpenSSL 0.9.8k to 1.0.1h (both compiled from

Re: TLS library problem - handshake failure

2014-08-26 Thread Wietse Venema
Any thoughts on next steps without having to contact the target domains? I have read about disabling TLSEXT_TYPE_PADDING when compiling OpenSSL - would this be my next step, or was this somehow fixed in the releases we are using? Any other way I could simulate this problem, as we have had

TLS library problem - handshake failure

2014-08-22 Thread robin.wakefield
197553 mail.info] SSL_connect error to ssc-dc2-mx02.chainiq.com[193.169.186.213]:25: -1 Aug 22 23:51:37 ssng0016xmh postfix-internal/smtp[6284]: [ID 947731 mail.warning] warning: TLS library problem: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:762: Aug 22
