Am 26.06.2014 16:11, schrieb Viktor Dukhovni: > On Thu, Jun 26, 2014 at 11:52:33AM +0200, Andrea wrote: > >> Hello, >> with postfix 2.9.6-2 I'm using smtp_tls_security_level = may. >> >> No problems with it, but sending mails to some Exchange servers I see this >> error: >> *lost connection with mail.domain.com <http://mail.domain.com>[...] while >> sending MAIL FROM* > > Known problem with TLS 1.2 long cipherlists, RC4 falling out of > the first 64 ciphers sent on the wire, and 3DES being broken in > the unpatched Exchange 2007. > >> Could you help me with the problem? > > Search the list archives. I've answered this question many times already. > >> If it happens just with some Exchange servers it seems a problem of their >> servers.. but is there some way to avoid it? Is there a way to tell postfix >> to avoid tls1 if delivery fails? > > Postfix automatically retries in cleartext unless you mandate use > of TLS. You can tune your cipherlists or protocol selection in > the TLS policy table for the problem domains. They should get their > servers up to date. >
perhaps look at this http://archives.neohapsis.com/archives/postfix/2013-11/0121.html Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
