On 19.08.2015, at 20:02, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > On Wed, Aug 19, 2015 at 07:49:42PM +0200, Michael Grimm wrote:
>> One of the servers in question is one of the servers sending mail for this >> ML: >> >> Aug 19 19:08:29 <mail.info> mail postfix/smtpd[94303]: connect from >> russian-caravan.cloud9.net[2604:8d00:0:1::4] >> Aug 19 19:08:29 <mail.info> mail postfix/smtpd[94303]: SSL_accept error from >> russian-caravan.cloud9.net[2604:8d00:0:1::4]: lost connection > > Works for me via IPv6 too: > > $ posttls-finger -o inet_protocols=ipv6 -c -p TLSv1 -lmay -Lsummary \ > -o "tls_medium_cipherlist=DHE-RSA-AES256-SHA" \ > odo.in-berlin.de > posttls-finger: Untrusted TLS connection established to > mx1.enfer-du-nord.net[2001:41d0:8:67d4:1:1:0:1]:25: TLSv1 with cipher > DHE-RSA-AES256-SHA (256/256 bits) Just in case I couldn't make it clear: All sending servers from cloud9.net deliver mail via IPv4 or IPv6 to my servers without any issue and without entries in smtpd_discard_ehlo_keyword_address_maps. The *only exception* is russian-caravan.cloud9.net[2604:8d00:0:1::4]. > To debug further, we'd need a tcpdump full packet capture: > > http://www.postfix.org/DEBUG_README.html#sniffer […] >> I will revert back to OpenSLL. If you won't to investigate LibreSSL's >> behavior with regard to russian-caravan.cloud9.net any further, I am >> willing to keep my secondary mx to LibreSSL for the time being. If not, >> please let me know. Might have been too early for that switch to LibreSSL > > I would not go out of my way to switch to LibreSSL at this time. > Use it if you're using OpenBSD, but stick with OpenSSL for now on > other platforms. Understood. > That said, it might be helpful to others to find out what > interoperability problem was introduced by LibreSSL 2.2.2. > > So get a packet capture or two before reverting to OpenSSL. I will revert to OpenSSL my primary mx, first. Then I will come back to this issue and provide you with tcpdump debugging info. Might take some days, though. Should I send them off-list or on-list? Thanks again and with kind regards, Michael
