On 14 January 2017 09:40:22 CET, Admin Beckspaced <ad...@beckspaced.com> wrote:
>Dear postfix users,
>
>I'm running Postfix version 2.11.6 on an OpenSUSE 42.1 box and all is
>running sweet & fine ;)
>Except a customer calls me that he can't receive emails from one of his
>partners.
>
>After looking for the partner email I found those log entries:
>
>2017-01-14T00:31:28.312121+01:00 cx20 postfix/smtpd[12579]: connect from mail.kommunalunternehmen.de[217.6.53.146]
>2017-01-14T00:31:28.419190+01:00 cx20 postfix/smtpd[12579]: SSL_accept error from mail.kommunalunternehmen.de[217.6.53.146]: Connection reset by peer
>2017-01-14T00:31:28.420304+01:00 cx20 postfix/smtpd[12579]: lost connection after STARTTLS from mail.kommunalunternehmen.de[217.6.53.146]
>2017-01-14T00:31:28.420870+01:00 cx20 postfix/smtpd[12579]: disconnect from mail.kommunalunternehmen.de[217.6.53.146]
>
>and those log entries repeat and repeat. From what I can also see in the
>logs it seems to be an Exchange mail server:
>
>2017-01-13T14:17:55.649227+01:00 cx20 postfix/cleanup[3703]: 960DA1A198A: message-id=<96C90C91ED31E24D8985DCEF2658CA0923EFD130@ku-exchange-02.kommunalunternehmen.local>
>
>Is this a buggy or wrongly configured MTA which has problems with TLS on
>port 25?
>
>All other MTAs don't seem to have any problems with TLS / STARTTLS.
>
>What can I do to fix this problem? Let the other MTA know that they got
>an issue with their TLS setup?
>
>Thanks & greetings
>Becki
>
>Here's my postconf, using a valid certificate from letsencrypt
>
>linux:~ # postconf -n | grep tls
>smtp_enforce_tls = no
>smtp_tls_CAfile =
>smtp_tls_CApath =
>smtp_tls_cert_file = /fullchain.pem
>smtp_tls_key_file = /privkey.pem
>smtp_tls_loglevel = 0
>smtp_tls_session_cache_database =
>smtp_use_tls = yes
>smtpd_tls_CAfile =
>smtpd_tls_CApath =
>smtpd_tls_ask_ccert = no
>smtpd_tls_cert_file = /fullchain.pem
>smtpd_tls_key_file = /privkey.pem
>smtpd_tls_loglevel = 0
>smtpd_tls_received_header = no
>smtpd_use_tls = yes
>tls_random_source = dev:/dev/urandom

You could set smtpd_tls_loglevel = 1 and get some more information on the next 
connection attempt.

Without knowing more details I'd say you have no cipher in common, that could 
be when you're dealing with an ancient version of Exchange or some crappy 
middlebox.

-- 
 Christian Kivalo
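
An added example, not part of the original thread: with `smtpd_tls_loglevel = 1` Postfix also logs each completed handshake, so the log can be summarized per peer to see which senders never get through STARTTLS. The function names, the `mx.example.org` and `host.example.net` peers and the last three log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

SMTPD = r"postfix/smtpd\[(?P<pid>\d+)\]: "
PEER = r"(?P<peer>\S+\[[0-9A-Fa-f.:]+\])"
FAIL = re.compile(SMTPD + "SSL_accept error from " + PEER + r": (?P<why>.+)$")
LOST = re.compile(SMTPD + "lost connection after STARTTLS from " + PEER)
OK = re.compile(SMTPD + r"\w+ TLS connection established from " + PEER)

# First four lines are from the post; the last three are constructed samples.
SAMPLE_LOG = """\
2017-01-14T00:31:28.312121+01:00 cx20 postfix/smtpd[12579]: connect from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:31:28.419190+01:00 cx20 postfix/smtpd[12579]: SSL_accept error from mail.kommunalunternehmen.de[217.6.53.146]: Connection reset by peer
2017-01-14T00:31:28.420304+01:00 cx20 postfix/smtpd[12579]: lost connection after STARTTLS from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:31:28.420870+01:00 cx20 postfix/smtpd[12579]: disconnect from mail.kommunalunternehmen.de[217.6.53.146]
2017-01-14T00:40:02.100000+01:00 cx20 postfix/smtpd[12601]: connect from mx.example.org[192.0.2.10]
2017-01-14T00:40:02.300000+01:00 cx20 postfix/smtpd[12601]: Anonymous TLS connection established from mx.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2017-01-14T00:41:10.500000+01:00 cx20 postfix/smtpd[12602]: lost connection after STARTTLS from host.example.net[198.51.100.7]
"""

def summarize(lines):
    """Count completed and failed inbound TLS handshakes per peer."""
    stats = defaultdict(lambda: {"ok": 0, "failed": 0, "reasons": Counter()})
    errored = set()  # smtpd PIDs that already logged SSL_accept error
    for line in lines:
        if m := FAIL.search(line):
            stats[m["peer"]]["failed"] += 1
            stats[m["peer"]]["reasons"][m["why"]] += 1
            errored.add(m["pid"])
        elif m := LOST.search(line):
            if m["pid"] in errored:
                errored.discard(m["pid"])  # same failure, counted above
            else:  # peer dropped after STARTTLS without an SSL_accept error
                stats[m["peer"]]["failed"] += 1
                stats[m["peer"]]["reasons"]["lost connection after STARTTLS"] += 1
        elif m := OK.search(line):
            stats[m["peer"]]["ok"] += 1
    return stats

def never_succeeds(stats):
    """Peers with at least one failed handshake and no completed one."""
    return sorted(p for p, s in stats.items() if s["failed"] and not s["ok"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    for peer in never_succeeds(result):
        print(peer, dict(result[peer]["reasons"]))
```
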
