Postfix says "Cannot start TLS: handshake failure" when try to send to Exchange 2007 Server

Mon, 30 Nov 2020 11:08:34 -0800 

I use Postfix as an SMTP server, in the last few days I have started to see
an error delivering mail to some servers.

I am trying to deliver an email to a Server with Microsoft Exchange 2007
and I receive the following message.

> Nov 30 15:29:40 smarthost04-ded postfix-out/qmgr[9305]: 56253920A60:
> from=<fvid...@infoauto.com.ar>, size=7238, nrcpt=1 (queue active) Nov
> 30 15:29:40 smarthost04-ded postfix/smtp[9335]: 32FEC920C41:
> to=<fvid...@exchange.infoauto.com.ar>,
> relay=127.0.0.1[127.0.0.1]:10026, delay=0.24, delays=0.1/0/0.04/0.09,
> dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 56253920A60) Nov 30
> 15:29:40 smarthost04-ded postfix-out/smtp[9312]: 56253920A60: Cannot
> start TLS: handshake failure Nov 30 15:29:40 smarthost04-ded
> postfix-out/smtp[9312]: 56253920A60:
> to=<fvid...@exchange.infoauto.com.ar>,
> relay=exet02.hostmar.com[200.58.120.69]:25, delay=0.12,
> delays=0.09/0/0.03/0, dsn=4.7.5, status=deferred (Cannot start TLS:
> handshake failure)

I have read the documentation but I cannot understand why this error occurs.

This is my configuration

```
postconf mail_version
mail_version = 3.5.2

smtp_tls_exclude_ciphers = MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4
smtp_tls_protocols = !SSLv2:!SSLv3
smtpd_tls_cert_file = /etc/pki/tls/certs/linux.ferozo.com.pem
smtpd_tls_key_file = /etc/pki/tls/private/linux.ferozo.com.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/ssl/smtpd_ssl_cache
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/ssl/smtp_ssl_cache

```

Here I make a connection to the destination server

```
posttls-finger -c -Ldebug "exet02.hostmar.com"
posttls-finger: initializing the client-side TLS engine
posttls-finger: setting up TLS connection to exet02.hostmar.com
[200.58.120.69]:25
posttls-finger: exet02.hostmar.com[200.58.120.69]:25: TLS cipher list
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!aNULL"
posttls-finger: SSL_connect:before/connect initialization
posttls-finger: SSL_connect:SSLv2/v3 write client hello A
posttls-finger: SSL_connect error to exet02.hostmar.com[200.58.120.69]:25:
lost connection
```
Any ideas??

Regards,

Reply via email to