On Thu, Apr 19, 2012 at 07:36:04AM -0700, fr47Tb wrote:

> Thank you for your response. I have included the debug file as best that I
> know how below.
>
> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 mail.test.com server ready
> lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: LHLO mail.test.com
> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-mail.test.com
> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-8BITMIME
> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-ENHANCEDSTATUSCODES
> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-PIPELINING
> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-SIZE
> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-STARTTLS
> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250 IGNOREQUOTA
> lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: STARTTLS
> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 Begin TLS negotiation now
> lmtp[1638]: setting up TLS connection to 127.0.0.1[127.0.0.1]:24
> lmtp[1638]: write to 080B5008 [080CD920] (111 bytes => 111 (0x6F))
> lmtp[1638]: SSL_connect:SSLv2/v3 write client hello A
> lmtp[1638]: read from 080B5008 [080D2E80] (7 bytes => 7 (0x7))
> lmtp[1638]: 0000 34 35 34 20 34 2e 33 454 4.3
> lmtp[1638]: SSL_connect:error in SSLv2/v3 read server hello A

The server is busted, it attempts to renege on doing TLS after sending
"220 Begin TLS negotiation now". Sending a plaintext "454 ..." error
in the middle of the SSL handshake is too late!

-- 
Viktor.
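
A way to spot this failure in a debug log, as an added example that is not part of the original thread: it reads the socket dumps logged after the 220 reply to STARTTLS and reports whether the peer answered with a TLS record or a plaintext reply code. The function names and the trimmed sample log are constructed for illustration, and the line format is assumed to match the excerpt quoted above.

```python
import re

# Constructed sample: the tail of the lmtp debug log quoted above.
SAMPLE_LOG = """\
lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: STARTTLS
lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 Begin TLS negotiation now
lmtp[1638]: setting up TLS connection to 127.0.0.1[127.0.0.1]:24
lmtp[1638]: write to 080B5008 [080CD920] (111 bytes => 111 (0x6F))
lmtp[1638]: SSL_connect:SSLv2/v3 write client hello A
lmtp[1638]: read from 080B5008 [080D2E80] (7 bytes => 7 (0x7))
lmtp[1638]: 0000 34 35 34 20 34 2e 33 454 4.3
lmtp[1638]: SSL_connect:error in SSLv2/v3 read server hello A
"""

READ_RE = re.compile(r"read from \S+ \[\S+\] \(\d+ bytes => (\d+)")
DUMP_RE = re.compile(r"[0-9a-fA-F]{4}((?: [0-9a-fA-F]{2})+)(?: |$)")
TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}  # CCS, alert, handshake, app data


def classify(data: bytes) -> str:
    """Say what the peer sent where a TLS record was expected."""
    if re.match(rb"[2-5]\d\d[ -]", data):
        return "plaintext-reply"  # an SMTP/LMTP reply code, not TLS
    if len(data) >= 2 and data[0] in TLS_CONTENT_TYPES and data[1] == 3:
        return "tls-record"
    return "unknown"


def check_handshake_reads(log: str) -> list:
    """Classify every socket read logged after STARTTLS was accepted with 220."""
    results, buf = [], bytearray()
    sent_starttls = in_tls = False
    want = 0
    for line in log.splitlines():
        msg = line.split("]: ", 1)[-1]  # drop the "lmtp[pid]: " prefix
        if msg.startswith("> ") and msg.endswith(": STARTTLS"):
            sent_starttls = True
        elif sent_starttls and msg.startswith("< ") and ": 220 " in msg:
            in_tls = True
        elif in_tls and (m := READ_RE.match(msg)):
            want, buf = int(m.group(1)), bytearray()
        elif in_tls and want and (m := DUMP_RE.match(msg)):
            # Cap at the logged byte count so the ASCII column is never parsed.
            buf += bytes.fromhex(m.group(1))[: want - len(buf)]
            if len(buf) >= want:
                results.append((classify(bytes(buf)), bytes(buf)))
                want = 0
    return results
```
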