[pfx] Re: Debugging SSL_accept error Connection reset by peer

Tue, 11 Apr 2023 06:50:13 -0700 

On Fri, Apr 07, 2023 at 11:25:33AM -0400, micah via Postfix-users wrote:

2023-04-06T07:34:42.281789+00:00 mx1 postfix/smtpd[1680368]: SSL_accept:before 
SSL initialization
2023-04-06T07:34:42.300347+00:00 mx1 postfix/smtpd[1680368]: SSL_accept:before 
SSL initialization
2023-04-06T07:34:42.300445+00:00 mx1 postfix/smtpd[1680368]: 
SSL_accept:SSLv3/TLS read client hello
2023-04-06T07:34:42.300492+00:00 mx1 postfix/smtpd[1680368]: 
SSL_accept:SSLv3/TLS write server hello
2023-04-06T07:34:42.300537+00:00 mx1 postfix/smtpd[1680368]: 
SSL_accept:SSLv3/TLS write certificate
2023-04-06T07:34:42.317750+00:00 mx1 postfix/smtpd[1680368]: 
SSL_accept:SSLv3/TLS write key exchange
2023-04-06T07:34:42.317879+00:00 mx1 postfix/smtpd[1680368]: 
SSL_accept:SSLv3/TLS write server done
2023-04-06T07:34:42.337252+00:00 mx1 postfix/smtpd[1680368]: SSL_accept:error 
in SSLv3/TLS write server done
2023-04-06T07:34:42.338243+00:00 mx1 postfix/smtpd[1680368]: SSL_accept error 
from mail2.wsecu.org[65.125.209.36]: Connection reset by peer



On 2023-04-07 13:25:42, Viktor Dukhovni via Postfix-users wrote:

The SMTP client closed the TCP connection at some point while receiving
the server TLS Hello, Certificate and Key Exchange messages.  Likely
it took some issue with the certificate.  You need to ask the client
MTA administrator why they hang up.


Unfortunately, I do not have any way to communicate with the client MTA
admins, so I'm shooting in the dark here.



Restarted postfix after these changes and triggered the remote client to
try again, but unfortunately, the same error happens. Same thing in the
pcap: I say Server Hello Done, and then the client sends a RST, ACK.


On 11.04.23 08:32, micah anderson via Postfix-users wrote:

Any other ideas of things I could try?



It's very hard to find out a problem when client is dropping connection. 
That may be even SSL scanner or similar.



Perhaps you could disable STARTTLS extension for this particular address by 
using smtpd_discard_ehlo_keyword_address_maps:


smtpd_discard_ehlo_keyword_address_maps=hash:/etc/postfix/smtpd_keywords

/etc/postfix/smtpd_keywords:

65.125.209.36   STARTTLS

http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org






















					Reply via email to