Re: What is happening here? (TLS Library Problem)

Fri, 10 Jun 2022 05:56:04 -0700 

> On 10 Jun 2022, at 13:17, Wietse Venema <wie...@porcupine.org> wrote:
> 
> Wietse Venema:
>> Gerben Wierda:
>>> 
>>>> On 10 Jun 2022, at 02:30, Wietse Venema <wie...@porcupine.org> wrote:
>>>> 
>>>> Gerben Wierda:
>>>>> What is happening here? (mail is delivered, I?m just curious)
>>>>> 
>>>>> Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from 
>>>>> [146.185.52.133]:10400 to [192.168.2.66]:25
>>>>> Jun 09 23:37:45 mail postfix/postscreen[4294]: PASS NEW 
>>>>> [146.185.52.133]:10400
>>>>> Jun 09 23:37:45 mail smtp/smtpd[4296]: connect from 
>>>>> ims-smtp133.persgroep-ops.net[146.185.52.133]
>>>>> Jun 09 23:37:46 mail smtp/smtpd[4296]: CC868E75AA1E: 
>>>>> client=ims-smtp133.persgroep-ops.net[146.185.52.133]
>>>>> Jun 09 23:37:47 mail postfix/cleanup[4300]: CC868E75AA1E: 
>>>>> message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net>
>>>>> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: 
>>>>> from=<nore...@mail.trouw.nl>, size=34628, nrcpt=1 (queue active)
>>>>> Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: 
>>>>> error:0A000126:SSL routines::unexpected eof while 
>>>>> reading:ssl/record/rec_layer_s3.c:309:
>>>>> Jun 09 23:37:48 mail smtp/smtpd[4296]: disconnect from 
>>>>> ims-smtp133.persgroep-ops.net[146.185.52.133] ehlo=2 starttls=1 mail=1 
>>>>> rcpt=1 data=1 commands=6
>>>>> 
>>>> 
>>>> Did you look for 0A000126 with a web search engine?
>>> 
>>> Yes. Searched on the entire error string as well.
>>> 
>>> But that did not give me a clue.
>> 
>> I got: OpenSSL 3 is more strict about clients that disconnect without
>> fully following the protocol.
> 
> Specifically, google 0A000126, the first result is PHP issue 8369a

Indeed. Interesting. I use duckduckgo (which relies on Bing afaik) and it 
doesn’t find that.

> which links to https://github.com/openssl/openssl/issues/11378 
> <https://github.com/openssl/openssl/issues/11378>. The
> latter had a breaking fix, backed it out for OpenSSL 1.1.1, but
> kept it in the branch that become OpenSSL 3.

So basically, the sender doesn’t properly close the SSL protocol, their MTA is 
using an SSL which isn’t properly implemented.

G

Reply via email to