I have the explanation -- I should've looked into the tcpdump output more closely.
Viktor Dukhovni wrote the following on 05.11.2014 16:30:
> On Wed, Nov 05, 2014 at 01:27:49PM +0100, Tobias Reckhard wrote:
>> It looks as though mail01.i-sec.tuv.com dropped the connection, though I
>> see no indication of the reason. Strangely, though, in a tcpdump I
>> recorded it appears that our customer's system is sending a [RST, ACK]
>> packet directly after sending "TLSv1 Application Data", which very
>> probably is its EHLO.
>
> You may have read the wrong direction for the Application Data.
> The SMTP client speaks first after [STARTTLS].

It is not apparent in the postfix logs and my old version of Wireshark interprets it as an "Ignored Unknown Record" in the Secure Sockets Layer, but the remote server (mail01.i-sec.tuv.com) said "454 TLS not available due to a temporary reason" in its final message. postfix responds to that by sending 64 bytes of gibberish TLSv1 "Application Data" and then tears down the connection with a RST. But the problem was obviously on the other end. The customer has also reported that the other end "had a problem on their mail server" which they have since fixed, allowing the mail in question as well as a few others that had queued up to be delivered.

Thanks for your assistance, Viktor, I appreciate it.
In case you're interested, these are plain text Wireshark exports of the last two messages from the server (omitting the Frame and Ethernet details):

Internet Protocol Version 4, Src: 193.24.224.9 (193.24.224.9), Dst: 192.168.21.65 (192.168.21.65)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 37055 (37055), Seq: 4416, Ack: 582, Len: 59
Secure Sockets Layer
    TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.0 (0x0301)
        Length: 1
        Change Cipher Spec Message
    TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 48
        Handshake Protocol: Encrypted Handshake Message

Internet Protocol Version 4, Src: 193.24.224.9 (193.24.224.9), Dst: 192.168.21.65 (192.168.21.65)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 37055 (37055), Seq: 4475, Ack: 582, Len: 86
Secure Sockets Layer
    TLSv1 Record Layer: Encrypted Alert
        Content Type: Alert (21)
        Version: TLS 1.0 (0x0301)
        Length: 32
        Alert Message: Encrypted Alert
    Ignored Unknown Record

The "Ignored Unknown Record" reads: "454 TLS not available due to a temporary reason"

Cheers,
Tobias
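As an added illustration (not part of the thread, and not Postfix or Wireshark code), the following Python splits a byte stream into TLS records the way the dissector above does, and reports trailing bytes that carry no valid record header as an "Unknown Record". The sample bytes are constructed to mirror the two server segments in the capture (a 1-byte ChangeCipherSpec, a 48-byte encrypted handshake record, a 32-byte encrypted alert, then the bare "454 ..." reply line); their lengths add up to the 59 and 86 bytes shown there.

```python
import struct

# TLS record-layer content types (RFC 2246 / RFC 5246).
CONTENT_TYPES = {20: "Change Cipher Spec", 21: "Alert",
                 22: "Handshake", 23: "Application Data"}
KNOWN_VERSIONS = (0x0300, 0x0301, 0x0302, 0x0303)   # SSL 3.0 .. TLS 1.2


def parse_tls_stream(data):
    """Walk a byte stream record by record.

    Each well-formed record (known content type, known version, complete
    body) yields a dict with its type and length. The first stretch of bytes
    that does not form a record is returned as one 'Unknown Record' entry
    carrying the raw text, which is what a plaintext SMTP reply sent after a
    completed handshake looks like to a TLS dissector."""
    records, offset = [], 0
    while offset < len(data):
        header = data[offset:offset + 5]
        if len(header) == 5:
            ctype, version, length = struct.unpack("!BHH", header)
            if (ctype in CONTENT_TYPES and version in KNOWN_VERSIONS
                    and offset + 5 + length <= len(data)):
                records.append({"type": CONTENT_TYPES[ctype],
                                "version": version, "length": length})
                offset += 5 + length
                continue
        rest = data[offset:]          # not a TLS record: keep it as plaintext
        records.append({"type": "Unknown Record", "length": len(rest),
                        "text": rest.decode("ascii", "replace").strip()})
        break
    return records


# Constructed sample modelled on the capture: ChangeCipherSpec (6 bytes),
# encrypted Finished (5 + 48), encrypted alert (5 + 32), then a raw SMTP
# reply line (49 bytes) that is not wrapped in a TLS record at all.
SAMPLE = (bytes([20, 0x03, 0x01, 0x00, 0x01, 0x01])
          + bytes([22, 0x03, 0x01, 0x00, 0x30]) + b"\xaa" * 48
          + bytes([21, 0x03, 0x01, 0x00, 0x20]) + b"\xbb" * 32
          + b"454 TLS not available due to a temporary reason\r\n")


def smtp_reply_after_handshake(data):
    """Return a plaintext SMTP reply found after the TLS records, else None."""
    for rec in parse_tls_stream(data):
        if rec["type"] == "Unknown Record" and rec["text"][:3].isdigit():
            return rec["text"]
    return None


if __name__ == "__main__":
    for rec in parse_tls_stream(SAMPLE):
        print(rec)
```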