TLS issue with purchase order emails from ariba.com system.

Mon, 13 Jun 2022 00:48:27 -0700 

Hi,

Having problems with purchase order emails from ariba.com systems.

Has anyone experienced this similar issue with ariba.com?

Here are the logs from our side.

-------------- start ------------------------
Jun 13 15:13:22 mail postfix/smtpd[4153705]: connect from ansmtp.ariba.com[216.109.104.12] Jun 13 15:13:22 mail postfix/smtpd[4153705]: discarding EHLO keywords: CHUNKING Jun 13 15:13:23 mail postfix/smtpd[4153705]: SSL_accept error from ansmtp.ariba.com[216.109.104.12]: Connection reset by peer Jun 13 15:13:23 mail postfix/smtpd[4153705]: lost connection after STARTTLS from ansmtp.ariba.com[216.109.104.12] Jun 13 15:13:23 mail postfix/smtpd[4153705]: disconnect from ansmtp.ariba.com[216.109.104.12] ehlo=1 starttls=0/1 commands=1/2 

--------------- end -------------------------
When I requested for some error messages from their end, they were not forthcoming.
Here are my configs. Need advice on what changes can be done to allow emails from them? Besides turning off the TLS. 

------------------ start ---------------------
tls_preempt_cipherlist = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may
tls_ssl_options = NO_RENEGOTIATION
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_dh1024_param_file = /etc/pki/tls/private/postfix.dh.param

smtpd_tls_mandatory_ciphers = medium
smtpd_tls_ciphers           = high

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
tls_high_cipherlist = !EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+AES256:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!CAMELLIA256-SHA:AES256-SHA:!CAMELLIA128-SHA:AES128-SHA
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA 

------------------ end -----------------------

P.V.Anthony

Reply via email to