On 05/01/2017 09:51, Robert Mueller wrote:
> We've suddenly had a couple of reports from users about people sending
> to them (e.g. sending from a remote service to our servers) failing and
> bouncing with the error message:
>
> Certificate rejected over TLS. (unknown protocol)
>
> There's not much more in the error message, I haven't managed to get
> hold of a complete bounce email yet, or find out what server is being
> used, but I'm trying to get hold of that information.
>
> I don't believe anything has changed on our side (software wise or
> configuration wise), so I'm not sure why we're suddenly seeing a couple
> of reports of these errors.

AFAICS, your server doesn't support SSLv3, only TLS1.0 - 1.2. Maybe the sender doesn't support TLS1.x and needs SSLv3.

Try

openssl s_client -starttls smtp -ssl3 -debug -connect mx1.messagingengine.com:25

to check for SSLv3 support

Modern (mid-2015 or later) Postfix releases disable SSLv2 and SSLv3 by default. Older ones only disable SSLv3. So, maybe you've upgraded the Postfix version recently?

Whether you should support SSLv3 is a policy decision. It has vulnerabilities, but, AIUI, they're hard to exploit, especially with SMTP.
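
Added example, not part of the original message: the first post says the sending server has not been identified yet, and on the receiving side the MTA's own log names each peer whose TLS handshake failed. The sketch assumes Postfix smtpd syslog lines (the reply above assumes Postfix); the sample lines, hostnames and the function name are constructed for illustration.

```python
import re

# Constructed sample in Postfix smtpd syslog style (not taken from the thread).
SAMPLE_LOG = """\
Jan  5 09:40:01 mx1 postfix/smtpd[2101]: connect from mail.sender.example[192.0.2.10]
Jan  5 09:40:01 mx1 postfix/smtpd[2101]: SSL_accept error from mail.sender.example[192.0.2.10]: -1
Jan  5 09:40:01 mx1 postfix/smtpd[2101]: warning: TLS library problem: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number:s3_srvr.c:960:
Jan  5 09:40:02 mx1 postfix/smtpd[2101]: lost connection after STARTTLS from mail.sender.example[192.0.2.10]
Jan  5 09:41:10 mx1 postfix/smtpd[2102]: connect from mta.other.example[198.51.100.7]
Jan  5 09:41:10 mx1 postfix/smtpd[2102]: Anonymous TLS connection established from mta.other.example[198.51.100.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan  5 09:42:30 mx1 postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Jan  5 09:42:30 mx1 postfix/smtpd[2101]: SSL_accept error from unknown[203.0.113.5]: -1
"""

CONNECT = re.compile(r"postfix/smtpd\[(\d+)\]: connect from ")
ACCEPT_ERR = re.compile(
    r"postfix/smtpd\[(\d+)\]: SSL_accept error from ([^\s\[]+)\[([^\]]+)\]")
# OpenSSL error queue entry: error:CODE:library:function:reason:file:line
TLS_PROBLEM = re.compile(
    r"postfix/smtpd\[(\d+)\]: warning: TLS library problem: "
    r".*?error:[0-9A-Fa-f]+:[^:]*:[^:]*:([^:]+):")


def failed_handshakes(log_text):
    """Map (hostname, ip) -> list of OpenSSL reasons for failed server-side handshakes."""
    peer_by_pid = {}   # smtpd pid -> peer whose handshake just failed
    failures = {}
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:
            # A new session on this smtpd process: forget the previous peer.
            peer_by_pid.pop(m.group(1), None)
            continue
        m = ACCEPT_ERR.search(line)
        if m:
            pid, host, ip = m.groups()
            peer_by_pid[pid] = (host, ip)
            failures.setdefault((host, ip), [])  # keep peer even without a reason line
            continue
        m = TLS_PROBLEM.search(line)
        if m and m.group(1) in peer_by_pid:
            failures[peer_by_pid.pop(m.group(1))].append(m.group(2))
    return failures


if __name__ == "__main__":
    for (host, ip), reasons in failed_handshakes(SAMPLE_LOG).items():
        print(f"{host} [{ip}]: {', '.join(reasons) or 'no reason logged'}")
```
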

