On 11/05/20 23:35 -0400, Viktor Dukhovni wrote:
Attaching it is fine, if you're willing to disclose the IP addresses and hostnames of the two servers.
Okay, I've attached two files; the PCAP and the postfix log. To clarify my earlier email, the unencrypted session scenario only arises when I receive mail. It seems that when a foreign mail server connects to mine to send me a message, it fails, then retries sometime later NOT over TLS, and that succeeds. When I send mail, it fails the first time, and then as long as I immediately resend, it succeeds (over TLS, thankfully). I've also seen at least one sender (notably, GMAIL) connect, elicit the SSL_Shutdown error, and yet their message gets queued and delivered without another try being needed.

Alexander
postfix-SSL_Shutdown.pcap
May 11 19:29:04 vasaconsulting postfix/smtpd[14174]: connect from mail1.bemta23.messagelabs.com[67.219.246.1]
May 11 19:29:05 vasaconsulting postfix/smtpd[14174]: Anonymous TLS connection established from mail1.bemta23.messagelabs.com[67.219.246.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 11 19:29:06 vasaconsulting postfix/smtpd[14174]: 80D73102C036: client=mail1.bemta23.messagelabs.com[67.219.246.1]
May 11 19:29:06 vasaconsulting postfix/smtpd[14174]: warning: TLS library problem: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init:../ssl/ssl_lib.c:2086:
May 11 19:29:06 vasaconsulting postfix/smtpd[14174]: lost connection after RCPT from mail1.bemta23.messagelabs.com[67.219.246.1]
May 11 19:29:06 vasaconsulting postfix/smtpd[14174]: disconnect from mail1.bemta23.messagelabs.com[67.219.246.1] ehlo=2 starttls=1 mail=1 rcpt=1 commands=5
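As an added example (not code from the post, nor part of Postfix), the script below reads smtpd log lines like the ones attached above, brackets each session between its "connect from" and "disconnect from" lines by smtpd pid, flags sessions that negotiated TLS and then died with a "TLS library problem" followed by "lost connection", and then reports any later session from the same client IP that completed without STARTTLS, which is the plaintext retry Alexander describes. The first six sample lines are the ones from the attached log; the remaining two sessions (pids 14190 and 14201, queue id 9C1A2102C04F, and the host mx.example.org[192.0.2.10]) are constructed for the demonstration.

```python
"""Spot Postfix smtpd sessions that aborted inside TLS and plaintext retries that follow."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Syslog timestamp, host, "postfix/smtpd[pid]: ", rest of message.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
CLIENT_RE = re.compile(r"from (?P<name>[^\s\[]+)\[(?P<ip>[^\]]+)\]")
COUNTER_RE = re.compile(r"\b(\w+)=(\d+)")  # ehlo=2 starttls=1 ... on disconnect lines


@dataclass
class Session:
    pid: str
    start_ts: str
    order: int                      # position of the "connect from" line in the log
    client: str = "?"               # hostname[ip] exactly as logged
    ip: str = "?"
    tls_established: bool = False
    tls_error: Optional[str] = None
    lost_connection: bool = False
    counters: Dict[str, int] = field(default_factory=dict)

    @property
    def tls_aborted(self) -> bool:
        """TLS came up, the library complained, and the client went away."""
        return self.tls_established and self.tls_error is not None and self.lost_connection

    @property
    def plaintext(self) -> bool:
        """Session finished without ever negotiating TLS."""
        return not self.tls_established and self.counters.get("starttls", 0) == 0


def parse_sessions(lines: List[str]) -> List[Session]:
    """Group smtpd lines into completed sessions; pids are reused, so bracket by connect/disconnect."""
    open_by_pid: Dict[str, Session] = {}
    done: List[Session] = []
    for n, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            continue  # not an smtpd line
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            s = Session(pid=pid, start_ts=m["ts"], order=n)
            c = CLIENT_RE.search(msg)
            if c:
                s.client, s.ip = f'{c["name"]}[{c["ip"]}]', c["ip"]
            open_by_pid[pid] = s
            continue
        s = open_by_pid.get(pid)
        if s is None:
            continue  # activity for a session whose start we did not see
        if "TLS connection established from" in msg:
            s.tls_established = True
        elif msg.startswith("warning: TLS library problem:"):
            s.tls_error = msg.split("problem: ", 1)[1]
        elif msg.startswith("lost connection"):
            s.lost_connection = True
        elif msg.startswith("disconnect from "):
            s.counters = {k: int(v) for k, v in COUNTER_RE.findall(msg)}
            done.append(open_by_pid.pop(pid))
    return done


def find_tls_aborts(sessions: List[Session]) -> List[Session]:
    return [s for s in sessions if s.tls_aborted]


def find_plaintext_fallbacks(sessions: List[Session]) -> List[Session]:
    """Plaintext sessions from an IP that earlier aborted inside the TLS handshake."""
    first_abort: Dict[str, int] = {}
    for s in sessions:
        if s.tls_aborted:
            first_abort[s.ip] = min(first_abort.get(s.ip, s.order), s.order)
    return [s for s in sessions
            if s.plaintext and s.ip in first_abort and s.order > first_abort[s.ip]]


SAMPLE_LOG = [
    # The session from the attached log (client name and IP as logged there).
    "May 11 19:29:04 vasaconsulting postfix/smtpd[14174]: connect from mail1.bemta23.messagelabs.com[67.219.246.1]",
    "May 11 19:29:05 vasaconsulting postfix/smtpd[14174]: Anonymous TLS connection established from mail1.bemta23.messagelabs.com[67.219.246.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "May 11 19:29:06 vasaconsulting postfix/smtpd[14174]: 80D73102C036: client=mail1.bemta23.messagelabs.com[67.219.246.1]",
    "May 11 19:29:06 vasaconsulting postfix/smtpd[14174]: warning: TLS library problem: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init:../ssl/ssl_lib.c:2086:",
    "May 11 19:29:06 vasaconsulting postfix/smtpd[14174]: lost connection after RCPT from mail1.bemta23.messagelabs.com[67.219.246.1]",
    "May 11 19:29:06 vasaconsulting postfix/smtpd[14174]: disconnect from mail1.bemta23.messagelabs.com[67.219.246.1] ehlo=2 starttls=1 mail=1 rcpt=1 commands=5",
    # Constructed: a healthy TLS session from another client; must not be flagged.
    "May 11 19:35:00 vasaconsulting postfix/smtpd[14190]: connect from mx.example.org[192.0.2.10]",
    "May 11 19:35:01 vasaconsulting postfix/smtpd[14190]: Anonymous TLS connection established from mx.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "May 11 19:35:02 vasaconsulting postfix/smtpd[14190]: disconnect from mx.example.org[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7",
    # Constructed: the same client returns later and delivers without STARTTLS (hypothetical retry).
    "May 11 19:44:10 vasaconsulting postfix/smtpd[14201]: connect from mail1.bemta23.messagelabs.com[67.219.246.1]",
    "May 11 19:44:10 vasaconsulting postfix/smtpd[14201]: 9C1A2102C04F: client=mail1.bemta23.messagelabs.com[67.219.246.1]",
    "May 11 19:44:11 vasaconsulting postfix/smtpd[14201]: disconnect from mail1.bemta23.messagelabs.com[67.219.246.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5",
]

if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG)
    for s in find_tls_aborts(sessions):
        print(f"{s.start_ts} pid={s.pid} {s.client}: TLS aborted ({s.tls_error})")
    for s in find_plaintext_fallbacks(sessions):
        print(f"{s.start_ts} pid={s.pid} {s.client}: plaintext delivery after TLS abort")
```

Run against a real mail log the same way (one line per list entry, or `parse_sessions(open(path))`). Sessions are keyed on the smtpd pid only between "connect from" and "disconnect from", because Postfix reuses the same smtpd process for many sessions. Syslog timestamps carry no year, so "later" is decided by log order rather than by parsed time; a report that spans a year boundary would need the timestamp parsed.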