Hi!

What's your suggestion to avoid the following problem?

Sep 22 13:11:22 postfix/smtpd[21000]: connect from dragon.trusteddomain.org[208.69.40.156]
Sep 22 13:11:25 postfix/smtpd[21000]: SSL_accept error from dragon.trusteddomain.org[208.69.40.156]: -1
Sep 22 13:11:25 postfix/smtpd[21000]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2284:
Sep 22 13:11:25 postfix/smtpd[21000]: lost connection after STARTTLS from dragon.trusteddomain.org[208.69.40.156]
Sep 22 13:11:25 postfix/smtpd[21000]: disconnect from dragon.trusteddomain.org[208.69.40.156] ehlo=1 starttls=0/1 commands=1/2

I only see this warning with this particular client.

I'm running Postfix 3.6-20200830 compiled with openssl-1.1.1g.
Using a Let's Encrypt certificate.

My main.cf:

smtp_tls_security_level = may
smtp_tls_CAfile = /path/to/cacert.pem
smtp_tls_cert_file = /path/to/fullchain.cer
smtp_tls_key_file = /path/to/keyfile.key
smtpd_tls_security_level = $smtp_tls_security_level
smtpd_tls_CAfile = $smtp_tls_CAfile
smtpd_tls_cert_file = $smtp_tls_cert_file
smtpd_tls_key_file = $smtp_tls_key_file
smtpd_tls_ask_ccert = no

...everything else TLS-related is default.

Is it possible to not announce STARTTLS to some clients?

-me
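
Added example, not part of the original post and not Postfix code: one way to confirm which clients fail STARTTLS like this is to attribute each smtpd process's "TLS library problem" warning to the client that process was serving. The sample log is the post's lines with mail wrapping undone plus one constructed successful session (mx.example.net); the function name is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Sample input: the five log lines from the post (pid 21000) plus a
# constructed, interleaved session (pid 21001) that completes STARTTLS.
SAMPLE_LOG = """\
Sep 22 13:11:22 postfix/smtpd[21000]: connect from dragon.trusteddomain.org[208.69.40.156]
Sep 22 13:11:23 postfix/smtpd[21001]: connect from mx.example.net[192.0.2.10]
Sep 22 13:11:24 postfix/smtpd[21001]: disconnect from mx.example.net[192.0.2.10] ehlo=2 starttls=1 quit=1 commands=4
Sep 22 13:11:25 postfix/smtpd[21000]: SSL_accept error from dragon.trusteddomain.org[208.69.40.156]: -1
Sep 22 13:11:25 postfix/smtpd[21000]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2284:
Sep 22 13:11:25 postfix/smtpd[21000]: lost connection after STARTTLS from dragon.trusteddomain.org[208.69.40.156]
Sep 22 13:11:25 postfix/smtpd[21000]: disconnect from dragon.trusteddomain.org[208.69.40.156] ehlo=1 starttls=0/1 commands=1/2
"""

# The syslog hostname field is optional because the post's lines omit it.
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?:\S+ )?postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"connect from (?P<host>\S+)\[(?P<ip>[^\]]+)\]$")
# OpenSSL error string layout: error:<code>:<library>:<function>:<reason>:<file>:<line>:
TLS_ERR = re.compile(r"warning: TLS library problem: error:[0-9A-F]+:[^:]*:[^:]*:(?P<reason>[^:]+):")


def tls_failures(log_text):
    """Return {(host, ip): {reason: count}} for smtpd TLS library warnings."""
    current = {}                     # smtpd pid -> (host, ip) it is serving now
    failures = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        c = CONNECT.match(msg)       # anchored at start, so "disconnect from" never matches
        if c:
            current[pid] = (c["host"], c["ip"])
        elif msg.startswith("disconnect from "):
            current.pop(pid, None)   # session over; pid may be reused by another client
        else:
            e = TLS_ERR.match(msg)   # the warning line itself carries no client name
            if e and pid in current:
                failures[current[pid]][e["reason"]] += 1
    return {client: dict(reasons) for client, reasons in failures.items()}


if __name__ == "__main__":
    for (host, ip), reasons in tls_failures(SAMPLE_LOG).items():
        print(f"{host}[{ip}]: {reasons}")
```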
