On Thu, Jun 26, 2014 at 11:52:33AM +0200, Andrea wrote:
> Hello,
> with postfix 2.9.6-2 I'm using smtp_tls_security_level = may.
>
> No problems with it, but sending mails to some Exchange servers I see this
> error:
> *lost connection with mail.domain.com <http://mail.domain.com>[...] while
> sending MAIL FROM*
Known problem with TLS 1.2 long cipherlists, RC4 falling out of
the first 64 ciphers sent on the wire, and 3DES being broken in
the unpatched Exchange 2007.
> Could you help me with the problem?
Search the list archives. I've answered this question many times already.
> If it happens just with some Exchange servers it seems a problem of their
> servers.. but is there some way to avoid it? Is there a way to tell postfix
> to avoid tls1 if delivery fails?
Postfix automatically retries in cleartext unless you mandate use
of TLS. You can tune your cipherlists or protocol selection in
the TLS policy table for the problem domains. They should get their
servers up to date.
--
Viktor.
