On Sun, Jul 26, 2020 at 02:21:25PM +0300, Christos Chatzaras wrote:
> Few hours ago I upgrade from Postfix 3.5.4 to 3.5.5 and sometimes I get
> "Cannot start TLS: handshake failure":
>
> ------
> Jul 26 13:21:10 smtp2 postfix/smtpd[26600]: 1DB241F4EA:
> client=server28.example.net[138.201.82.xxx]
> Jul 26 13:21:10 smtp2 postfix/cleanup[26147]: 1DB241F4EA:
> message-id=<f42ae274b54d32f368dd3897ee7c7...@www.example.com>
> Jul 26 13:21:10 smtp2 postfix/qmgr[1637]: 1DB241F4EA:
> from=<i...@example.com>, size=5509, nrcpt=1 (queue active)
> Jul 26 13:21:10 smtp2 relay2/smtp[26609]: 1DB241F4EA: to=<i...@example.org>,
> relay=mail.example.org[138.201.51.72]:25, delay=0.42, delays=0.4/0/0.02/0,
> dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
> Jul 26 13:26:50 smtp2 postfix/qmgr[1637]: 1DB241F4EA:
> from=<i...@example.com>, size=5509, nrcpt=1 (queue active)
> Jul 26 13:26:50 smtp2 relay4/smtp[26535]: 1DB241F4EA: to=<i...@example.org>,
> relay=mail.example.org[138.201.51.72]:25, delay=341, delays=340/0/0.04/0.53,
> dsn=2.0.0, status=sent (250 2.0.0 Ok: queued
> as 6F1B02869AA)
> Jul 26 13:26:50 smtp2 postfix/qmgr[1637]: 1DB241F4EA: removed
> ------
>
> These messages are delivered the next time the sender SMTP tries to deliver
> the message.
The server at 138.201.51.72 exhibits intermittent handshake failures, it
emits an incorrectly encoded certificate ~50% of the time. Perhaps
there's a load-balancer there, or some on-path network device sometimes
garbles packets.
> Also I use Monit to monitor Postfix and after the upgrade to 3.5.5 version I
> get messages like this:
>
> ------
> Connection failed Service postfix
> Date: Sun, 26 Jul 2020 14:01:39
> Action: restart
> Host: server28.example.com
> Description: failed protocol test [SMTP] at [127.0.0.1]:25 [TCP/IP] -- Error
> receiving data from the mailserver -- Resource temporarily unavailable
> ------
The SMTP server issue is real, patch shortly.
--
Viktor.
