Hi again,

I tried to run smtpd in debug mode with the command below.
smtpd -d -v -f /etc/mail/smtpd.conf

Here is the nmap command and its output.
nmap -sV -Pn -p 25,587 --version-intensity 8 --script ssl-enum-ciphers XX.YY.ZZ.QQ
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-17 21:26 +03
Nmap scan report for mx.podworin.com (XX.YY.ZZ.QQ)
Host is up (0.000059s latency).

PORT    STATE SERVICE VERSION
25/tcp  open  smtp    OpenSMTPD
587/tcp open  smtp    OpenSMTPD
Service Info: Host: volgograd.podworin.com

Here is the output produced by the smtpd process while running in debug mode.

debug: init ssl-tree
info: loading pki information for mx.domainname.tld
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mx.domainname.tld
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
info: OpenSMTPD 6.7.0 starting
debug: init ssl-tree
info: loading pki information for mx.domainname.tld
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mx.domainname.tld
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: klondike -> control[27654] fd=4
setup_peer: klondike -> pony express[70123] fd=5
setup_done: ca[55696] done
debug: init ssl-tree
info: loading pki information for mx.domainname.tld
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mx.domainname.tld
debug: init ssl-tree
info: loading pki information for mx.domainname.tld
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mx.domainname.tld
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: queue -> control[27654] fd=4
setup_peer: queue -> pony express[70123] fd=5
setup_peer: queue -> lookup[20361] fd=6
setup_peer: queue -> scheduler[34042] fd=7
setup_proc: klondike done
debug: init ssl-tree
info: loading pki information for mx.domainname.tld
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mx.domainname.tld
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: control -> klondike[55696] fd=4
setup_peer: control -> lookup[20361] fd=5
setup_peer: control -> pony express[70123] fd=6
setup_peer: control -> queue[15276] fd=7
setup_peer: control -> scheduler[34042] fd=8
setup_done: control[27654] done
debug: init ssl-tree
info: loading pki information for mx.domainname.tld
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mx.domainname.tld
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: pony express -> control[27654] fd=4
setup_peer: pony express -> klondike[55696] fd=5
setup_peer: pony express -> lookup[20361] fd=6
setup_peer: pony express -> queue[15276] fd=7
debug: init ssl-tree
info: loading pki information for mx.domainname.tld
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mx.domainname.tld
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: scheduler -> control[27654] fd=4
setup_peer: scheduler -> queue[15276] fd=5
setup_proc: control done
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: lookup -> control[27654] fd=4
setup_peer: lookup -> pony express[70123] fd=5
setup_peer: lookup -> queue[15276] fd=6
setup_done: lka[20361] done
setup_proc: pony express done
setup_done: pony[70123] done
setup_proc: queue done
setup_done: queue[15276] done
setup_proc: scheduler done
debug: bounce warning after 4h
setup_done: scheduler[34042] done
smtpd: setup done
setup_proc: lookup done
debug: rsa_engine_init: using RSA privsep engine
debug: ecdsa_engine_init: using ECDSA privsep engine
debug: parent_send_config_ruleset: reloading
debug: parent_send_config: configuring pony process
debug: parent_send_config: configuring ca process
debug: smtp: listen on [::1] port 25 flags 0x2401 pki "mx.domainname.tld"
ca ""
debug: smtp: listen on [fe80::1%lo0] port 25 flags 0x2401 pki
"mx.domainname.tld" ca ""
debug: smtp: listen on 127.0.0.1 port 25 flags 0x2401 pki
"mx.domainname.tld" ca ""
debug: smtp: listen on XX.YY.ZZ.QQ port 25 flags 0x2401 pki
"mx.domainname.tld" ca ""
debug: smtp: listen on [::1] port 587 flags 0x2469 pki "mx.domainname.tld"
ca ""
debug: smtp: listen on [fe80::1%lo0] port 587 flags 0x2469 pki
"mx.domainname.tld" ca ""
debug: smtp: listen on 127.0.0.1 port 587 flags 0x2469 pki
"mx.domainname.tld" ca ""
debug: smtp: listen on XX.YY.ZZ.QQ port 587 flags 0x2469 pki
"mx.domainname.tld" ca ""
debug: pony: rsae_init
debug: pony: rsae_init
debug: smtp: will accept at most 498 clients
debug: init private ssl-tree
debug: queue: done loading queue into scheduler
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
7b4d1af8fd21be6d smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
7b4d1af9a0b12813 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
7b4d1af9a0b12813 smtp disconnected reason=disconnect
7b4d1af8fd21be6d smtp disconnected reason=disconnect
7b4d1afa3cee7178 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1afa3cee7178 smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
7b4d1afb90de4349 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1afb90de4349 smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
7b4d1afc5bd313dd smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
7b4d1afd5eaae3e3 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
7b4d1afedea16070 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
7b4d1afff5401cdc smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
7b4d1b00f692dd5d smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
7b4d1b01c5701735 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
7b4d1b02de687375 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1afc5bd313dd smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
7b4d1b030df9649c smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1afd5eaae3e3 smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
7b4d1b0469fbfc14 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number
7b4d1afedea16070 smtp disconnected reason="io-error: error:1402710B:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number"
7b4d1b0549301737 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number
7b4d1afff5401cdc smtp disconnected reason="io-error: error:1402710B:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number"
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1b00f692dd5d smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1b01c5701735 smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
7b4d1b061486342d smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1b02de687375 smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
7b4d1b0757683a80 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1b030df9649c smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1b0469fbfc14 smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
7b4d1b085506fdd8 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1b0549301737 smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
7b4d1b09069039f9 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
7b4d1b0a5b91eeb2 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
7b4d1b0bc5cb0230 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1b061486342d smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
debug: SSL library error: io_dispatch_accept_tls:SSL_accept:
error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher
7b4d1b0757683a80 smtp disconnected reason="io-error: error:140270C1:SSL
routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
debug: looking up pki "mx.domainname.tld"
debug: session_start_ssl: switching to SSL
7b4d1b0c4ed52ad0 smtp connected address=XX.YY.ZZ.QQ host=mx.domainname.tld
debug: pony: rsae_priv_enc
debug: parent -> ca: pipe closed
smtpd: process ca socket closed
debug: control -> klondike: pipe closed
debug: control agent exiting
debug: lka -> parent: pipe closed
debug: lookup agent exiting
debug: queue -> parent: pipe closed
debug: queue agent exiting
debug: scheduler -> control: pipe closed
debug: scheduler agent exiting
pony express: pipe closed

jin&hitman&Barracuda <jinhit...@gmail.com> wrote on Fri, 17 Jul 2020, 16:34:

> Hi
> Greetings from Turkey.
>
> Nowadays, an SMTP server requirement came up and I decided to add mail
> exchange functionality to my OpenBSD 6.7 virtual machine. According to the
> article on poolp.org, I set it up and started some tests. Both ports (25
> and 587) accept SSL connections with starttls. While testing my
> configuration with openssl[1] there was no problem, but when I use nmap[2]
> for testing SSL ciphers/protocols the OpenSMTPd service quits with
> errors[3]. I know my nmap command is useful while testing non-starttls
> services, but I used it just to see what happens.
>
> My OpenSMTPd setup is simple and exactly the same as shown in "[0]" except
> for the SSL key and cert part.
>
> I'm not an expert about computers, so please don't get me wrong, but I'm
> expecting that the smtpd daemon will continue to serve rather than quit.
> Because the error is on the client side. My setup could be wrong or my
> expectations are wrong or ... ?
>
> [0] https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
> [1] openssl s_client -connect my_IP:25 -starttls smtp ( -tls1 / -tls1_1 / -tls1_2 / -tls1_3 )
> [2] nmap --script ssl-enum-ciphers -p 25 my_IP
> [3] Jul 17 16:06:22 volgograd smtpd[29365]: 287f8aa31a3a9d44 smtp
> connected address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:22 volgograd smtpd[29365]: 287f8aa31a3a9d44 smtp bad-input
> result="500 5.5.1 Invalid command: Pipelining not supported"
> Jul 17 16:06:22 volgograd smtpd[29365]: 287f8aa31a3a9d44 smtp disconnected
> reason=quit
> Jul 17 16:06:22 volgograd smtpd[29365]: 287f8aa443b518b5 smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:22 volgograd smtpd[29365]: 287f8aa443b518b5 smtp disconnected
> reason="io-error: error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong
> version number"
> Jul 17 16:06:22 volgograd smtpd[29365]: 287f8aa53b199936 smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:22 volgograd smtpd[29365]: 287f8aa6db5e7ce5 smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:22 volgograd smtpd[29365]: 287f8aa72b8aa932 smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aa6db5e7ce5 smtp disconnected
> reason="io-error: error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no
> shared cipher"
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aa53b199936 smtp disconnected
> reason="io-error: error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no
> shared cipher"
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aa72b8aa932 smtp disconnected
> reason="io-error: error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no
> shared cipher"
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aa87d5ddc88 smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aa918b83c2f smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aaa668d461e smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aa918b83c2f smtp disconnected
> reason="io-error: error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no
> shared cipher"
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aa87d5ddc88 smtp disconnected
> reason="io-error: error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no
> shared cipher"
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aaa668d461e smtp disconnected
> reason="io-error: error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no
> shared cipher"
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aab71a20c23 smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aaccf2338c6 smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aadc01152b9 smtp connected
> address=XX.YY.ZZ.QQ host=MY_SMTP_HOST
> Jul 17 16:06:23 volgograd smtpd[29365]: 287f8aab71a20c23 smtp disconnected
> reason="io-error: No TLS error"
> Jul 17 16:06:23 volgograd smtpd[18599]: smtpd: process pony socket closed
>
> --
> *Fatih C.*
>


-- 
*There is no place like "/home"*
*Tuco (Benedicto Pacifico Juan Maria) Ramirez*
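
Added example, not part of the original message or of OpenSMTPD: a small log triage script for the situation reported above. It correlates session ids, counts TLS handshake io-errors per client address, and lists the sessions still open when a "process ... socket closed" line appears. The sample lines are constructed in the format quoted above (addresses and host names are placeholders), and it assumes each log record is on one unwrapped line.

```python
import re
from collections import Counter

# Constructed sample; real smtpd log records are single lines like these.
SAMPLE = """\
Jul 17 16:06:22 mx smtpd[100]: 00000000000000a1 smtp connected address=192.0.2.10 host=scan.example
Jul 17 16:06:22 mx smtpd[100]: 00000000000000a1 smtp disconnected reason="io-error: error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number"
Jul 17 16:06:23 mx smtpd[100]: 00000000000000a2 smtp connected address=192.0.2.10 host=scan.example
Jul 17 16:06:23 mx smtpd[100]: 00000000000000a3 smtp connected address=192.0.2.10 host=scan.example
Jul 17 16:06:23 mx smtpd[100]: 00000000000000a2 smtp disconnected reason="io-error: error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher"
Jul 17 16:06:23 mx smtpd[100]: 00000000000000a4 smtp connected address=198.51.100.7 host=mail.example
Jul 17 16:06:23 mx smtpd[99]: smtpd: process pony socket closed
"""

# Works for both syslog lines and "smtpd -d" output (no timestamp prefix).
SESSION = re.compile(r"\b(?P<sid>[0-9a-f]{16}) smtp (?P<ev>connected|disconnected)\b(?P<rest>.*)")
IO_ERR = re.compile(r'reason="io-error: (?:error:[0-9A-F]+:SSL routines:[^:]*:)?(?P<why>[^"]+)"')
CRASH = re.compile(r"process (?P<proc>\w+) socket closed")

def triage(lines):
    """Return io-error counts per (address, reason) and, if a smtpd
    process died, its name plus the session ids still open at that point."""
    addr_of, open_sids, failures, crash = {}, set(), Counter(), None
    for line in lines:
        m = SESSION.search(line)
        if m:
            sid = m["sid"]
            if m["ev"] == "connected":
                a = re.search(r"address=(\S+)", m["rest"])
                addr_of[sid] = a.group(1) if a else "?"
                open_sids.add(sid)
            else:
                open_sids.discard(sid)
                err = IO_ERR.search(m["rest"])
                if err:  # clean quits/disconnects are not counted
                    failures[(addr_of.get(sid, "?"), err["why"])] += 1
            continue
        c = CRASH.search(line)
        if c and crash is None:  # keep the first process death only
            crash = {"process": c["proc"], "open_sessions": sorted(open_sids)}
    return {"failures": dict(failures), "crash": crash}

if __name__ == "__main__":
    print(triage(SAMPLE.splitlines()))
```

The sessions listed under open_sessions are the ones that were mid-handshake when the process exited, which is where to look when reporting the crash.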
