SSL3_GET_RECORD:wrong version number:s3_pkt.c:345
Dear people:
I have a small server with few email accounts no more than 10. only 3
customers connect with the server.
2 customers connect without problem, desktop and phone.
1 customer connect with phone, but have problems with their windows 10 PC
To the customer simply show a message, the server do not allow cypher type.
The server show this in the log
2016-01-29T13:51:45.379788-03:00 schweb postfix/smtpd[26675]: initializing the
server-side TLS engine
2016-01-29T13:51:45.650969-03:00 schweb postfix/smtpd[26675]: warning:
hostname 191-113-58.baf.movistar.cl does not resolve to address
191.113.58.---: Name or service not known
2016-01-29T13:51:45.652101-03:00 schweb postfix/smtpd[26675]: connect from
unknown[191.113.58.---]
2016-01-29T13:51:45.725562-03:00 schweb postfix/smtpd[26675]: lost connection
after UNKNOWN from unknown[191.113.58.___]
2016-01-29T13:51:45.729548-03:00 schweb postfix/smtpd[26675]: disconnect from
unknown[191.113.58.---]
2016-01-29T13:52:26.443740-03:00 schweb postfix/smtpd[26675]: warning:
hostname 191-113-58.baf.movistar.cl does not resolve to address
191.113.58.---: Name or service not known
2016-01-29T13:52:26.444951-03:00 schweb postfix/smtpd[26675]: connect from
unknown[191.113.58.---]
2016-01-29T13:52:26.569998-03:00 schweb postfix/smtpd[26675]: setting up TLS
connection from unknown[191.113.58.---]
2016-01-29T13:52:26.571189-03:00 schweb postfix/smtpd[26675]:
unknown[191.113.58.---]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
2016-01-29T13:52:26.575515-03:00 schweb postfix/smtpd[26675]:
SSL_accept:before/accept initialization
2016-01-29T13:52:26.634822-03:00 schweb postfix/smtpd[26675]: SSL_accept:SSLv3
read client hello A
2016-01-29T13:52:26.636544-03:00 schweb postfix/smtpd[26675]: SSL_accept:SSLv3
write server hello A
2016-01-29T13:52:26.640005-03:00 schweb postfix/smtpd[26675]: SSL_accept:SSLv3
write certificate A
2016-01-29T13:52:26.667068-03:00 schweb postfix/smtpd[26675]: SSL_accept:SSLv3
write key exchange A
2016-01-29T13:52:26.672211-03:00 schweb postfix/smtpd[26675]: SSL_accept:SSLv3
write server done A
2016-01-29T13:52:26.675273-03:00 schweb postfix/smtpd[26675]: SSL_accept:SSLv3
flush data
2016-01-29T13:52:26.759913-03:00 schweb postfix/smtpd[26675]: SSL3 alert
write:fatal:protocol version
2016-01-29T13:52:26.761171-03:00 schweb postfix/smtpd[26675]: SSL_accept:error
in SSLv3 read client certificate A
2016-01-29T13:52:26.761944-03:00 schweb postfix/smtpd[26675]: SSL_accept error
from unknown[191.113.58.---]: -1
2016-01-29T13:52:26.768228-03:00 schweb postfix/smtpd[26675]: warning: TLS
library problem: 26675:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number:s3_pkt.c:345:
2016-01-29T13:52:26.776322-03:00 schweb postfix/smtpd[26675]: lost connection
after STARTTLS from unknown[191.113.58.---]
2016-01-29T13:52:26.777854-03:00 schweb postfix/smtpd[26675]: disconnect from
unknown[191.113.58.---]
The config file
postconf |grep "tls"
lmtp_enforce_tls = no
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_starttls_timeout = 300s
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_block_early_mail_reply = no
lmtp_tls_cert_file =
lmtp_tls_ciphers = export
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_eccert_file =
lmtp_tls_eckey_file = $lmtp_tls_eccert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_fingerprint_cert_match =
lmtp_tls_fingerprint_digest = md5
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = !SSLv2
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_protocols = !SSLv2
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject}
{cert_issuer}
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
smtp_enforce_tls = no
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_block_early_mail_reply = no
smtp_tls_cert_file =
smtp_tls_ciphers = export
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_eccert_file =
smtp_tls_eckey_file = $smtp_tls_eccert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_fingerprint_cert_match =
smtp_tls_fingerprint_digest = md5
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protoc
Re: SSL3_GET_RECORD:wrong version number:s3_pkt.c:345
On 29 Jan 2016, at 12:17, Christian Schmitz wrote: > smtpd_tls_mandatory_protocols = !SSLv3,!TLSv1,!TLSv1.1,!TLSv1.2 There's your problem.
Re: Is this coming from my server - or outside ? can't figure it out.
> On Jan 21, 2016, at 11:31, Robert Chalmers wrote:
>
> I keep seeing these in my server logs, and I’m SURE I don’t have anything
> using example.com - well, pretty sure….
>
>
> Jan 21 16:27:09 zeus postfix/smtp[8877]: connect to
> example.com[2606:2800:220:1:248:1893:25c8:1946]:25: No route to host
> Jan 21 16:27:09 zeus postfix/smtp[8877]: 106181D503A4:
> to=, relay=none, delay=189343,
> delays=189313/0.02/30/0, dsn=4.4.1, status=deferred (connect to
> example.com[2606:2800:220:1:248:1893:25c8:1946]:25: No route to host)
>
you’re running amavisd and haven’t bother changing the $mydomain and/or
@{spam,virus}_admin_maps settings in amavisd.conf (or whatever configuration
file you’re using).
cf. the config file itself for more information on those variables; it is very
well documented.
—
cool hand luke
