Hi, Thanks. The only thing I have in the maillog is a connection made, tls established, then the connection is dropped.
Thanks.
Dave.

On 11/1/15, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Sun, Nov 01, 2015 at 02:49:20PM -0500, David Mehler wrote:
>
>> Still stuck. I've got the below not sure if it helps, it does show
>> that on 143 and 587 client wise no peer is being sent or verified.
>>
>> openssl s_client -starttls smtp -connect localhost:587
>> CONNECTED(00000003)
>> 34379270664:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
>
> The thing on port 587 is not speaking any recognizable form of TLS.
> Logs from the peer would be quite useful in this context.
>
>> openssl s_client -starttls smtp -connect localhost:143
>> CONNECTED(00000003)
>
> Well, port 143 speaks IMAP not SMTP so "starttls smtp" is not
> likely to get far for that port.
>
>> # TLS parameters
>> smtpd_tls_auth_only = yes
>> smtpd_tls_mandatory_ciphers = high
>> smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4,
>> MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5,
>> CBC3-SHA
>
> That looks rather like a random hodge-podge. Try:
>
> smtpd_tls_ciphers = medium
>
> instead.
>
>> smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4,
>> MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5,
>> CBC3-SHA
>
> Ditto.
>
>> Any help appreciated.
>
> Logs.
>
> --
> Viktor.
>