On Wed, Aug 19, 2015 at 09:54:01PM +0200, Michael Grimm wrote:

> If I do understand that correctly, it has been good advice to revert
> back to OpenSSL running OS != OpenBSD.

I stand by that advice.

> And, if I am not mistaken, there is no way to tell postfix to work around
> that disabled support for HELLO. Correct?

Unless there's some new flag to SSL_CTX_set_options() that re-enables
SSL2-compatible HELLO support. You can check the documentation for
any hint of such a mechanism.

> If you are interested in tcpdumps of connections from
> russian-caravan.cloud9.net, please let me know. I do have one dump at
> hand, already.

I've managed to reproduce failing connections to your (backup MX)
machine with:

    openssl s_client -starttls smtp -connect host:25

and succeed with:

    openssl s_client -starttls smtp -no_ssl2 -connect host:25

-- 
    Viktor.
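
For reading a capture like the one offered above, the following sketch (an added example, not part of the original message or of Postfix/OpenSSL) classifies the first bytes a client sends after STARTTLS as an SSLv2-framed or a TLS-record-framed ClientHello. The function name and the sample byte strings are constructed for illustration.

```python
# Added illustration: tell an SSLv2-compatible ClientHello from a TLS-record
# ClientHello by the first bytes of the client's payload after STARTTLS.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def classify_client_hello(data: bytes) -> str:
    """Return a short description of the hello framing (hypothetical helper)."""
    if len(data) < 6:
        return "truncated"
    # SSLv2 framing: 2-byte header, high bit set = no padding, low 15 bits =
    # length; then msg type 1 (CLIENT-HELLO) and the highest version offered.
    if data[0] & 0x80 and data[2] == 0x01:
        length = int.from_bytes(data[:2], "big") & 0x7FFF
        if length < 9:  # type(1) + version(2) + three 2-byte length fields
            return "unknown"
        version = (data[3], data[4])
        if version == (0, 2):
            return "SSLv2 hello"
        if version in VERSIONS:
            return "SSLv2-compatible hello offering " + VERSIONS[version]
        return "unknown"
    # TLS framing: record type 22 (handshake), record version, 2-byte length,
    # then handshake type 1 (ClientHello).
    if data[0] == 0x16 and data[1] == 3 and data[5] == 0x01:
        return "TLS record hello"
    return "unknown"


# Constructed sample inputs (not taken from any capture in the thread).
# Layout: header, msg type, version, cipher-spec len, session-id len,
# challenge len, one 3-byte cipher spec, 16-byte challenge.
V2_COMPAT = bytes.fromhex("801c" "01" "0301" "0003" "0000" "0010" "00002f") + bytes(16)
V2_ONLY = bytes.fromhex("801c" "01" "0002" "0003" "0000" "0010" "010080") + bytes(16)
# Only the leading bytes of a TLS record are needed for classification.
TLS_RECORD = bytes.fromhex("16" "0301" "002d" "01" "000029" "0303")

if __name__ == "__main__":
    for name, sample in [("v2-compat", V2_COMPAT), ("v2", V2_ONLY), ("tls", TLS_RECORD)]:
        print(name, "->", classify_client_hello(sample))
```
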