Public bug reported: Everytime my email server (Ubuntu Server 12.04) receives an email sent from google.com (e.g. gmail) using TLS with the RC4-MD5 cipher, it fails. Here is the output of once such interaction.
I have set smtpd_tls_loglevel=2 in /etc/postfix/main.cf in hopes this will help. Note that I have replaced my actual hostname with 'myhostname' May 17 15:43:02 myhostname postfix/smtpd[28328]: initializing the server-side TLS engine May 17 15:43:02 myhostname postfix/smtpd[28328]: connect from mail-yw0-f47.google.com[209.85.213.47] May 17 15:43:03 myhostname postfix/smtpd[28328]: setting up TLS connection from mail-yw0-f47.google.com[209.85.213.47] May 17 15:43:03 myhostname postfix/smtpd[28328]: mail-yw0-f47.google.com[209.85.213.47]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH" May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:before/accept initialization May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read client hello A May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write server hello A May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write certificate A May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write server done A May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 flush data May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read client key exchange A May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read finished A May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write change cipher spec A May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write finished A May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 flush data May 17 15:43:03 myhostname postfix/smtpd[28328]: mail-yw0-f47.google.com[209.85.213.47]: save session DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17780 133B84CE85D295&s=smtp to smtpd cache May 17 15:43:03 myhostname postfix/tlsmgr[28319]: put smtpd session id=DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17 780133B84CE85D295&s=smtp [data 127 bytes] May 17 15:43:03 myhostname postfix/tlsmgr[28319]: write smtpd TLS cache entry DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17780 133B84CE85D295&s=smtp: time=1337294583 [data 127 bytes] May 17 15:43:03 myhostname postfix/smtpd[28328]: Anonymous TLS connection established from mail-yw0-f47.google.com[209.85.213.47]: TLSv1 with cipher RC4-MD5 (128/128 bits) May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL3 alert read:fatal:bad record mac May 17 15:43:03 myhostname postfix/smtpd[28328]: warning: TLS library problem: 28328:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1247:SSL alert number 20: May 17 15:43:03 myhostname postfix/smtpd[28328]: lost connection after EHLO from mail-yw0-f47.google.com[209.85.213.47] May 17 15:43:03 myhostname postfix/smtpd[28328]: disconnect from mail-yw0-f47.google.com[209.85.213.47] At least one other user is encountering this problem, as discussed here: http://ubuntuforums.org/showthread.php?t=1981839 ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: postfix 2.9.1-4 ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14 Uname: Linux 3.2.0-23-generic x86_64 ApportVersion: 2.0.1-0ubuntu7 Architecture: amd64 Date: Thu May 17 16:02:33 2012 InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1) ProcEnviron: TERM=xterm LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: postfix UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: postfix (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug precise -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1001040 Title: "TLS library problem" drops incoming mail when sender uses RC4-MD5 cipher To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1001040/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
