> grepp'ed with 'ciphers': > > smtp_tls_ciphers = medium > > smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA > > smtp_tls_mandatory_ciphers = medium > > tls_preempt_cipherlist = yes > > Before asking for help, try removing those settings. I've removed them; it did not change anything.
The debug-log now says: postfix/smtpd[12259]: connect from ...[...] postfix/smtpd[12259]: setting up TLS connection from ...[...] postfix/smtpd[12259]: ...[...]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH" postfix/smtpd[12259]: SSL_accept:before SSL initialization postfix/smtpd[12259]: SSL_accept:before SSL initialization postfix/smtpd[12259]: SSL3 alert write:fatal:handshake failure postfix/smtpd[12259]: SSL_accept:error in error postfix/smtpd[12259]: SSL_accept error from ...[...]: -1 postfix/smtpd[12259]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282: postfix/smtpd[12259]: lost connection after STARTTLS from ...[...] postfix/smtpd[12259]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2 Does that mean that the other server only supports SSL3? Or could it be that my certificate is ECDSA, but the other server maybe only supports RSA? thanks, Roland
