Re: Upgrade from 2.4.5 to 2.7.1 and MS Outlook clients

Tue, 26 Oct 2010 09:49:07 -0700 

On Tue, Oct 26, 2010 at 11:40:49AM +0200, Laurent CARON wrote:
> I did upgrade a mail server from postfix 2.4.5 to 2.7.1.
> 
> Unfortunately Outlook MUA is unable to send email through.
> 
> I get the following error:
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: connect from 
> unknown[192.168.14.249]
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: setting up TLS connection from 
> unknown[192.168.14.249]
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: unknown[192.168.14.249]: TLS 
> cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!aNULL"
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:before/accept 
> initialization
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 read client 
> hello A
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 write server 
> hello A
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 write 
> certificate A
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 write 
> certificate request B
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 flush data
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept error from 
> unknown[192.168.14.249]: -1
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: lost connection after STARTTLS 
> from unknown[192.168.14.249]
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: disconnect from 
> unknown[192.168.14.249]

I'm now "playing" with ssldump:

1 1  0.0089 (0.0089)  C>S SSLv2 compatible client hello
  Version 3.1 
  cipher suites
  TLS_RSA_WITH_RC4_128_MD5  
  TLS_RSA_WITH_RC4_128_SHA  
  TLS_RSA_WITH_3DES_EDE_CBC_SHA  
  SSL2_CK_RC4  
  SSL2_CK_3DES  
  SSL2_CK_RC2  
  TLS_RSA_WITH_DES_CBC_SHA  
  SSL2_CK_DES  
  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA  
  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA  
  TLS_RSA_EXPORT_WITH_RC4_40_MD5  
  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5  
  SSL2_CK_RC4_EXPORT40  
  SSL2_CK_RC2_EXPORT40  
  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA  
  TLS_DHE_DSS_WITH_DES_CBC_SHA  
  TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA  
1 2  0.0517 (0.0427)  S>CV3.1(74)  Handshake
      ServerHello
        Version 3.1 
        random[32]=
          4c c7 04 10 34 52 95 69 63 97 8a 46 80 d4 1f 4e 
          b6 c1 54 e7 c3 0c 58 22 42 42 36 56 6b a7 cc d9 
        session_id[32]=
          43 ab 8f cc 75 d1 8e 77 ab 07 60 7a 42 ce a3 39 
          68 3d bb 12 0f a9 d7 a6 82 b8 d5 b0 0c 1b 21 ec 
        cipherSuite         TLS_RSA_WITH_RC4_128_MD5
        compressionMethod                   NULL
1 3  0.0517 (0.0000)  S>CV3.1(1650)  Handshake
      Certificate
        Subject
          C=FR
          O=mail.lncsa.com
          OU=GT77022724
          OU=See www.rapidssl.com
          resources
          cps (c)09
          OU=Domain Control Validated - RapidSSL(R)
          CN=mail.lncsa.com
        Issuer
          C=US
          O=Equifax Secure Inc.
          CN=Equifax Secure Global eBusiness CA-1
        Serial         0a b1 a8 
        Extensions
          Extension: X509v3 Key Usage
                    Critical
          Extension: X509v3 Subject Key Identifier
          Extension: X509v3 CRL Distribution Points
          Extension: X509v3 Authority Key Identifier
          Extension: X509v3 Extended Key Usage
          Extension: X509v3 Basic Constraints
                    Critical
        Subject
          C=US
          O=Equifax Secure Inc.
          CN=Equifax Secure Global eBusiness CA-1
        Issuer
          C=US
          O=Equifax Secure Inc.
          CN=Equifax Secure Global eBusiness CA-1
        Serial         01 
        Extensions
          Extension: Netscape Cert Type
          Extension: X509v3 Basic Constraints
                    Critical
          Extension: X509v3 Authority Key Identifier
          Extension: X509v3 Subject Key Identifier
ERROR: Length mismatch

Do any of the postfix guru out there have a clue about what's going on ?

Reply via email to