Hi !
While trying to send an email to some...@orange.fr <mailto:some...@orange.fr> , I get this error log : Mar 30 06:47:39 mail postfix/qmgr[18959]: 29D0248A23DC: from=x...@domain.dom <mailto:x...@domain.dom> , size=93541, nrcpt=1 (queue active) Mar 30 06:47:39 mail postfix/smtp[24365]: SSL_connect error to smtp-in.orange.fr[80.12.242.9]:25: -1 Mar 30 06:47:39 mail postfix/smtp[24365]: warning: TLS library problem: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../ssl/statem/statem_lib.c:1929: Mar 30 06:47:39 mail postfix/smtp[24365]: 29D0248A23DC: Cannot start TLS: handshake failure Mar 30 06:47:39 mail postfix/smtp[24365]: SSL_connect error to smtp-in.orange.fr[193.252.22.65]:25: -1 Mar 30 06:47:39 mail postfix/smtp[24365]: warning: TLS library problem: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../ssl/statem/statem_lib.c:1929: Mar 30 06:47:39 mail postfix/smtp[24365]: 29D0248A23DC: to=y...@orange.fr, relay=smtp-in.orange.fr[193.252.22.65]:25, delay=0.52, delays=0.29/0.01/0.22/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure) Mar 30 06:47:41 mail postfix/submission/smtpd[24351]: disconnect from lfbn-nan-xxx.abo.wanadoo.fr[xx.yy.zz.xx] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8 After a few minutes, without doing anything, I get this : Mar 30 06:56:16 mail postfix/qmgr[18959]: 29D0248A23DC: from=x...@domain.dom, size=93541, nrcpt=1 (queue active) Mar 30 06:56:17 mail postfix/smtp[24509]: SSL_connect error to smtp-in.orange.fr[193.252.22.65]:25: -1 Mar 30 06:56:17 mail postfix/smtp[24509]: warning: TLS library problem: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../ssl/statem/statem_lib.c:1929: Mar 30 06:56:17 mail postfix/smtp[24509]: 29D0248A23DC: Cannot start TLS: handshake failure Mar 30 06:56:17 mail postfix/smtp[24509]: 29D0248A23DC: to=y...@orange.fr <mailto:y...@orange.fr> , relay=smtp-in.orange.fr[193.252.22.65]:25, delay=518, delays=518/0.02/0.12/0.35, dsn=2.0.0, status=sent (250 2.0.0 mUwH240075Jsp0m01UwHze mail accepted for delivery) Mar 30 06:56:17 mail postfix/qmgr[18959]: 29D0248A23DC: removed The TLS part in main.cf : ### Outbound SMTP connections (Postfix as sender) smtp_tls_security_level = dane smtp_dns_support_level = dnssec smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_protocols = !SSLv2, !SLv3 TLSv1.1, TLSv1.2 smtp_tls_ciphers = high smtp_tls_CAfile = /etc/letsencrypt/live/mymailserver.domain.dom/chain.pem Any clue about this error ? Which cert do I use and that orange does not want ? Why is the email sent after a few attempts ? Regards, Gaetan
