2009/7/11 Wietse Venema <wie...@porcupine.org>:
>> system.log:Jul 10 00:07:57 trex postfix/smtpd[45598]: warning: TLS
>> library problem: 45598:error:140760FC:SSL
>> routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:571:
>
> This is openssl's way of saying that the client sent garbage.
To expand on that, I imagine it means the client tried to talk plaintext when Postfix was expecting crypto. Can you clarify exactly how this is meant to work? You said you want MTA-to-MTA crypto; I assume in this particular case you mean Proxy->Postfix crypto. Depending on how much control you have over the configuration, you could use a "dumb" method like an stunnel pipe, or something smarter like STARTTLS in-band. It sounds like you're trying to do the latter, but you say "STARTTLS is issued. At that point, the proxy will either make the crypto connection, and deliver the mail off to postfix, or, it will drop the connection." Why should the proxy drop the connection? In any case, I think the proxy needs debugging. You might also try adding the proxy as a verbose peer in Postfix; it might make the client's mistakes quickly evident.
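As an added illustration (not part of the original thread, and not Postfix or OpenSSL code), the following Python models what the two messages above describe: after the server answers STARTTLS with 220, the very next bytes from the peer must be a TLS ClientHello; if the peer keeps talking plaintext SMTP instead, the server-side library sees an "unknown protocol". The hostname `trex` comes from the quoted log; the proxy name `proxy.example`, the byte strings and the `SmtpdModel` class are constructed for this example and are only a toy state machine, not a real SMTP server.

```python
"""Toy model of in-band STARTTLS (RFC 3207) on the server side.

Shows why a peer that sends plaintext after "220 Ready to start TLS"
produces an "unknown protocol" error instead of a handshake.
"""
import re

TLS_HANDSHAKE_RECORD = 0x16   # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01       # handshake message type: ClientHello

# Plaintext SMTP verbs a misconfigured peer typically sends instead of a ClientHello.
SMTP_VERBS = re.compile(
    rb"^(EHLO|HELO|MAIL|RCPT|DATA|STARTTLS|QUIT|NOOP|RSET)\b", re.IGNORECASE
)


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes received where a TLS handshake is expected."""
    # TLS record header: type 0x16, version 0x03 0x0X, 2-byte length, then ClientHello (0x01)
    if (len(data) >= 6 and data[0] == TLS_HANDSHAKE_RECORD
            and data[1] == 0x03 and data[2] <= 0x04 and data[5] == TLS_CLIENT_HELLO):
        return "tls-client-hello"
    # SSLv2-compatible ClientHello: 2-byte length with the high bit set, then type 0x01
    if len(data) >= 3 and (data[0] & 0x80) and data[2] == 0x01:
        return "sslv2-client-hello"
    if SMTP_VERBS.match(data):
        return "plaintext-smtp"
    return "unknown"


class SmtpdModel:
    """Minimal server-side model of EHLO / STARTTLS, then a mandatory TLS handshake."""

    def __init__(self, hostname: str = "trex"):
        self.hostname = hostname
        self.expect_tls = False          # set after we answer STARTTLS with 220
        self.transcript = []             # constructed, human-readable trace

    def greet(self) -> str:
        self.transcript.append(f"S: 220 {self.hostname} ESMTP Postfix")
        return "220"

    def feed(self, client_bytes: bytes) -> str:
        """Return a short verdict for what the server does with these bytes."""
        if self.expect_tls:
            kind = classify_first_bytes(client_bytes)
            if kind in ("tls-client-hello", "sslv2-client-hello"):
                self.transcript.append("S: <TLS handshake begins>")
                return "handshake"
            # This is the situation behind the quoted log line: plaintext where TLS was expected.
            self.transcript.append(
                f"S: warning: TLS library problem: SSL23_GET_CLIENT_HELLO:unknown protocol ({kind})"
            )
            return "unknown protocol"
        line = client_bytes.decode("ascii", "replace").rstrip("\r\n")
        self.transcript.append(f"C: {line}")
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb == "EHLO":
            self.transcript.append(f"S: 250-{self.hostname}")
            self.transcript.append("S: 250 STARTTLS")
            return "250"
        if verb == "STARTTLS":
            self.transcript.append("S: 220 2.0.0 Ready to start TLS")
            self.expect_tls = True
            return "220"
        self.transcript.append("S: 502 5.5.2 Error: command not recognized")
        return "502"


# Constructed sample inputs: the first bytes of a TLS 1.0 ClientHello record, and a plaintext EHLO.
CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"
PLAINTEXT_EHLO = b"EHLO proxy.example\r\n"


def run_session(after_starttls: bytes) -> str:
    """Drive the model through EHLO and STARTTLS, then feed the given bytes."""
    srv = SmtpdModel()
    srv.greet()
    srv.feed(PLAINTEXT_EHLO)
    srv.feed(b"STARTTLS\r\n")
    return srv.feed(after_starttls)


if __name__ == "__main__":
    print("correct client :", run_session(CLIENT_HELLO_PREFIX))   # handshake
    print("broken proxy   :", run_session(PLAINTEXT_EHLO))        # unknown protocol
    # A wrapper-mode ("stunnel pipe") connection starts with TLS immediately:
    print("wrapper mode   :", classify_first_bytes(CLIENT_HELLO_PREFIX))
```

The classifier is the useful part when debugging: capture the first bytes the proxy sends after the 220 reply (for example with a packet capture on the Postfix side) and run them through `classify_first_bytes`; a `plaintext-smtp` verdict means the proxy never switched to TLS, which is exactly the case the quoted warning reports.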