[pfx] Re: TLS library problem: error:0A000102

2024-11-17 Thread Viktor Dukhovni via Postfix-users
On Sun, Nov 17, 2024 at 04:47:17PM -0800, Randy Bush via Postfix-users wrote: > 2024-11-18T00:03:12.077805+00:00 m0 postfix/smtpd[1756]: warning: > TLS library problem: error:0A000102:SSL routines: > :unsupported protocol - > :.

[pfx] TLS library problem: error:0A000102

2024-11-17 Thread Randy Bush via Postfix-users
/smtpd[1756]: warning: TLS library problem: error:0A000102:SSL routines::unsupported protocol:../ssl/statem/statem_srvr.c:1657: 2024-11-18T00:03:12.078082+00:00 m0 postfix/smtpd[1756]: lost connection after STARTTLS from mail.edusemx.com[66.85.163.236] 2024-11-18T00:03:12.078311+00:00 m0

[pfx] Re: TLS Library Problem

2024-05-12 Thread Jason Hirsh via Postfix-users
>> postfix/smtps/smtpd[39559]: warning: TLS library problem: >> error:14094416:SSL routines:ssl3_read_bytes: >> sslv3 alert certificate unknown: >> /usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621: >> SSL alert number 46: > > The remote client was unable to

[pfx] Re: TLS Library Problem

2024-05-12 Thread Viktor Dukhovni via Postfix-users
On Sat, May 11, 2024 at 11:55:14PM -0400, Jason Hirsh via Postfix-users wrote: > I have they error message > > postfix/smtps/smtpd[39559]: warning: TLS library problem: > error:14094416:SSL routines:ssl3_read_bytes: > sslv3 alert certificate unknown: > /usr/src/crypto/

[pfx] Re: TLS Library Problem

2024-05-12 Thread Matus UHLAR - fantomas via Postfix-users
On 11.05.24 23:55, Jason Hirsh via Postfix-users wrote: Still chasing ssl/tls issue I have they error message postfix/smtps/smtpd[39559]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3

[pfx] TLS Library Problem

2024-05-11 Thread Jason Hirsh via Postfix-users
Still chasing ssl/tls issue I have they error message postfix/smtps/smtpd[39559]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621:SSL alert number 46: I am assuming the ie eher

[pfx] Re: why tls library problem?

2024-02-06 Thread Viktor Dukhovni via Postfix-users
On Tue, Feb 06, 2024 at 06:50:28PM +0100, Maurizio Caloro via Postfix-users wrote: > Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: > error:1417A0C1:SSL routines:tls_post_process_client_hello: > no shared cipher:../ssl/statem/statem_srvr.c:2283: This looks like

[pfx] Re: why tls library problem?

2024-02-06 Thread Wietse Venema via Postfix-users
Maurizio Caloro via Postfix-users: > Please, i see often on log file See text after >>>> > Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: > error:1417A0C1:SSL routines:tls_post_process_client_hello:>>>>no shared > cip

[pfx] why tls library problem?

2024-02-06 Thread Maurizio Caloro via Postfix-users
Please, i see often on log file Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2283: Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: error

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 04:22:29PM -0500, E R via Postfix-users wrote: > Thank you so much for the suggestion to review the crypto setting as this > indeed a RedHat based distribution. I confirmed it is set to "default" > which means “The default system-wide cryptographic policy level offers > s

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread E R via Postfix-users
The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks identical to what you posted for Fedora. I am not a RHEL expert but I have not see any references to opt out of the crypto policy on a per application basis. You can customize an existing crypto policy or create your own. I t

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread E R via Postfix-users
yy.yyy.yyy.yyy]: -1 > > postfix/smtpd[1234567]: warning: TLS library problem: > > error:0398:digital envelope routines::invalid > digest:crypto/evp/m_sigver.c:343: > > postfix/smtpd[1234567]: warning: TLS library problem: > > error:0A0C0103:SSL routines::internal >

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-06 Thread PGNet Dev via Postfix-users
> I don't even know whether RedHat exposes any mechanisms for applications > to opt-out of crypto policy and use only application-driven OpenSSL > configuration. This is should perhaps be looked into in the Postfix 3.9 > timeframe. from my notes dealing with new Fedora crypto-policies on a number o

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users wrote: > You should of course also share > (https://www.postfix.org/DEBUG_README.html#mail) > > $ postconf -nf > $ postconf -Mf > > without any changes in whitespace, including line breaks. Attaching > these a

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Ken Peng via Postfix-users
> > > > Because TLS/SSL things are very complex, you have to show us real > settings all. Like me: (yw-0919: inbound, yw-1204: outbound) > [1] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-0919 > [2] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-1204 > And P

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Byung-Hee HWANG via Postfix-users
om > xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1 > May 05 16:27:59 zzz postfix/smtpd[1234567]: warning: TLS library problem: > error:0398:digital envelope routines::invalid > digest:crypto/evp/m_sigver.c:343: > May 05 16:27:59 zzz postfix/smtpd[1234567]: warning: TLS library problem: > error

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote: > postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1 > postfix/smtpd[1234567]: warning: TLS library problem: > error:0398:digital envelope routines::invalid > digest:crypto/evp/m_

[pfx] TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread E R via Postfix-users
xxx.xxx.xxx[yyy.yyy.yyy.yyy] May 05 16:27:59 zzz postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1 May 05 16:27:59 zzz postfix/smtpd[1234567]: warning: TLS library problem: error:0398:digital envelope routines::invalid digest:crypto/evp/m_sigver.c:343: May 05 16:27:59 zzz

Re: What is happening here? (TLS Library Problem)

2023-01-19 Thread Wietse Venema
3.persgroep-ops.net[146.185.52.133] > > >>>>>> Jun 09 23:37:47 mail postfix/cleanup[4300]: CC868E75AA1E: > > message-id=< > > 220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroe

Re: What is happening here? (TLS Library Problem)

2023-01-19 Thread Miriam Espana Acebal
233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net > > > >>>>>> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: from=< > nore...@mail.trouw.nl>, size=34628, nrcpt=1

Re: What is happening here? (TLS Library Problem)

2022-06-14 Thread Demi Marie Obenour
.185.52.133] >>>>>> Jun 09 23:37:46 mail smtp/smtpd[4296]: CC868E75AA1E: >>>>>> client=ims-smtp133.persgroep-ops.net[146.185.52.133] >>>>>> Jun 09 23:37:47 mail postfix/cleanup[4300]: CC868E75AA1E: >>>>>> message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3h

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Viktor Dukhovni
On Fri, Jun 10, 2022 at 02:55:24PM +0200, Gerben Wierda wrote: > > which links to https://github.com/openssl/openssl/issues/11378 > > . The > > latter had a breaking fix, backed it out for OpenSSL 1.1.1, but > > kept it in the branch that become Op

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Viktor Dukhovni
On Fri, Jun 10, 2022 at 07:17:45AM -0400, Wietse Venema wrote: > Specifically, google 0A000126, the first result is PHP issue 8369a > which links to https://github.com/openssl/openssl/issues/11378. The > latter had a breaking fix, backed it out for OpenSSL 1.1.1, but > kept it in the branch that b

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Gerben Wierda
] >>>>> Jun 09 23:37:47 mail postfix/cleanup[4300]: CC868E75AA1E: >>>>> message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> >>>>> Jun 09 23:37:48

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Wietse Venema
message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> > > >> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: > > >> from=, size=34628, nrcpt=1 (queue active) >

Re: What is happening here? (TLS Library Problem)

2022-06-10 Thread Wietse Venema
vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> > >> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: > >> from=, size=34628, nrcpt=1 (queue active) > >> Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: > >> error:0A000

Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Gerben Wierda
stfix/qmgr[8801]: CC868E75AA1E: >> from=, size=34628, nrcpt=1 (queue active) >> Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: >> error:0A000126:SSL routines::unexpected eof while >> reading:ssl/record/rec_layer_s3.c:309: >> Jun 09 23:37:48 m

Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Viktor Dukhovni
sgroep-ops.net> > Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: > from=, size=34628, nrcpt=1 (queue active) > Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: > error:0A000126:SSL routines::unexpected eof while > reading:ssl/record/rec_layer_s3.c:309: > Ju

Re: What is happening here? (TLS Library Problem)

2022-06-09 Thread Wietse Venema
E: > message-id=<220609233739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> > Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: > from=, size=34628, nrcpt=1 (queue active) > Jun 09 23:37:48 mail smtp/smtpd[4296]:

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 10:55:50PM +0200, Steffen Nurpmeso wrote: > # That one is for client certificates! > #smtpd_tls_CAfile = /etc/dovecot/cert.pem The "smtpd_tls_CAfile" is unused bloat unless you solicit client certificates, and even/especially then should NOT be the standard WebPKI CA b

What is happening here? (TLS Library Problem)

2022-06-09 Thread Gerben Wierda
739.sim_40lt1wa1poje3tjw6hnmtvk29xxj_ghn7vvejgut3cs3hljfekzafd9hipabzz8ro0vetlr2qj0j2ddp9oie2u%2bfuro...@ims-smtp133.persgroep-ops.net> Jun 09 23:37:48 mail postfix/qmgr[8801]: CC868E75AA1E: from=, size=34628, nrcpt=1 (queue active) Jun 09 23:37:48 mail smtp/smtpd[4296]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Steffen Nurpmeso wrote in <20220609205550.kbvci%stef...@sdaoden.eu>: ... |.. But .. in fact postfix's TLS configuration regarding CAfile |made me appear so foolish i kept | | # That one is for client certificates! | #smtpd_tls_CAfile = /etc/dovecot/cert.pem | |in my configuration. I can

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Viktor Dukhovni wrote in : |On Thu, Jun 09, 2022 at 07:54:56PM +0200, Bastian Blank wrote: |> On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: |>> [also there is |>> smtpd_tls_mandatory_exclude_ciphers = |>> aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, |>>

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 07:54:56PM +0200, Bastian Blank wrote: > On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: > > [also there is > > smtpd_tls_mandatory_exclude_ciphers = > > aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, > > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-C

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Bastian Blank
On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: > [also there is > smtpd_tls_mandatory_exclude_ciphers = > aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, > CBC3-SHA > but i definetely should put more car

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Viktor Dukhovni
On Thu, Jun 09, 2022 at 06:47:10PM +0200, Benny Pedersen wrote: > On 2022-06-09 17:13, Linda Pagillo wrote: > > Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours > > of staring at the screen. Josef.. THANK YOU. > > >> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 > >

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Steffen Nurpmeso
Benny Pedersen wrote in <37a797bed4aeb5c01b75c262ba0fe...@junc.eu>: |On 2022-06-09 17:13, Linda Pagillo wrote: |> Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours |> of staring at the screen. Josef.. THANK YOU. | |>> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Benny Pedersen
On 2022-06-09 17:13, Linda Pagillo wrote: Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours of staring at the screen. Josef.. THANK YOU. smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 tlsv1.1 is more weak than tlsv1, so keep tlsv1

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Matus UHLAR - fantomas
smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 On 09.06.22 16:41, Josef Vybíhal wrote: By this you basically DISABLED all tls protocols. The ! means "not". Try this: smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 no, try this: smtpd_tls_protocols=!SSLv2,!SSL

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Bill Cole
: TLS library problem: error:141FC044:SSL routines:tls_setup_handshake:internal error:../ssl/statem/statem_lib.c:109: Jun 8 17:16:52 g1 postfix/smtpd[2153672]: lost connection after STARTTLS from mail-pl1-f180.google.com[209.85.214.180] Jun 8 17:16:52 g1 postfix/smtpd[2153672]: disconnect from

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Linda Pagillo
Holy cow!! I cannot believe I overlooked this!!! Ugh.. too many hours of staring at the screen. Josef.. THANK YOU. Fixed! :) On Thu, Jun 9, 2022 at 9:41 AM Josef Vybíhal wrote: > Hi, > > > smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 > > By this you basically DISABLED

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Josef Vybíhal
Hi, > smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 !TLSv1.2 !TLSv1.3 By this you basically DISABLED all tls protocols. The ! means "not". Try this: smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 You can use https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=i

TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Linda Pagillo
.google.com[209.85.214.180] Jun 8 17:16:52 g1 postfix/smtpd[2153672]: SSL_accept error from mail-pl1-f180.google.com[209.85.214.180]: -1 Jun 8 17:16:52 g1 postfix/smtpd[2153672]: warning: TLS library problem: error:141FC044:SSL routines:tls_setup_handshake:internal error:../ssl/statem/statem_lib.c

Re: TLS library problem: no shared cipher

2020-09-22 Thread Markus E.
ect error to mx.unx.se[2600:3c04::f03c:91ff:feea:d4d]:25: -1 posttls-finger: warning: TLS library problem: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40: I'm running Postfix 3.6-20200830 compiled with openssl-1.1.1g

Re: TLS library problem: no shared cipher

2020-09-22 Thread Markus E.
On Tue, 22 Sep 2020, Herbert J. Skuhra wrote: On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote: Is it possible to not announce STARTTLS to some clients? http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps Thank you! Problem circumvented but not solved

Re: TLS library problem: no shared cipher

2020-09-22 Thread Viktor Dukhovni
SL_accept error from > dragon.trusteddomain.org[208.69.40.156]: -1 > Sep 22 13:11:25 postfix/smtpd[21000]: warning: TLS library problem: > error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared > cipher:ssl/statem/statem_srvr.c:2284: > Sep 22 13:11:25 postfix/smtpd[21000]:

Re: TLS library problem: no shared cipher

2020-09-22 Thread Herbert J. Skuhra
On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote: > > Is it possible to not announce STARTTLS to some clients? http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps -- Herbert

TLS library problem: no shared cipher

2020-09-22 Thread Markus E.
21000]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2284: Sep 22 13:11:25 postfix/smtpd[21000]: lost connection after STARTTLS from dragon.trusteddomain.org[208.69.40.156] Sep 22 13:11:25 postfix/smtpd[21000]: disco

Re: TLS library problem

2020-05-15 Thread Linkcheck
Thank you for that, Wietse. I'm inclined to agree that talktalk is at fault here, allowing a second try to succeed. Has anyone here found this problem with talktalk? -- Dave Stiles

Re: TLS library problem

2020-05-15 Thread Wietse Venema
Linkcheck: > Thank you for your response, Wietse. Apologies for the delay in my > reply. I read the document you suggested and noted the possible scenario > but cannot ascribe it to this situation. > > I have been finding out a bit more about the problem. > > The sender and his son have been ge

Re: TLS library problem

2020-05-13 Thread Wietse Venema
Linkcheck: > May 13 12:16:25 BRISTOLWEB postfix/submission/smtpd[12960]: warning: TLS > library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption > failed or bad record mac:s3_pkt.c:532: Choose one or more. 1: broken TCP or broken proxy. The TCP content was mo

TLS library problem

2020-05-13 Thread Linkcheck
[12927]: ACA963200DC: message-id= May 13 12:16:25 BRISTOLWEB postfix/submission/smtpd[12960]: warning: TLS library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:532: May 13 12:16:25 BRISTOLWEB postfix/submission/smtpd[12960]: lost connection after

Re: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

2020-02-07 Thread lists
? From: hamdi201...@gmail.com Sent: February 7, 2020 10:37 PM To: postfix-users@postfix.org Subject: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol? Hi everyone

Re: warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

2020-02-07 Thread Viktor Dukhovni
On Sat, Feb 08, 2020 at 09:36:41AM +0300, Andreas X wrote: > Hi everyone. I have a php contact form, that reports the following postfix > error (getting that in maillog file): https://hastepaste.com/view/jr41N It is rude to post links to pastebins. If you want help, please paste all the logs for

warning: TLS library problem: routines:ssl_choose_client_version:unsupported protocol?

2020-02-07 Thread Andreas X
Hi everyone. I have a php contact form, that reports the following postfix error (getting that in maillog file): https://hastepaste.com/view/jr41N The same applies for, when I send an e-mail to that e-mail address by using Outlook. Obviously my mail server having troubles sending e-mails to some

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Viktor Dukhovni
> On Apr 29, 2018, at 12:06 PM, Dominic Raferd wrote: > > > Thanks Viktor, I will bear this in mind for the future. But even if > (with your help) I could determine exactly what the problem was for > these two senders I think there is zero chance they would be > interested in hearing from me a

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Dominic Raferd
On 29 April 2018 at 16:57, Viktor Dukhovni wrote: > > >> On Apr 29, 2018, at 3:37 AM, Dominic Raferd wrote: >> >> This is a genuine and expected sender (VoIP provider). I am less sure >> about atlas.net.tr, but it is probably genuine and expected by >> recipient too. Unwanted ones I have not both

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Viktor Dukhovni
> On Apr 29, 2018, at 3:37 AM, Dominic Raferd wrote: > > This is a genuine and expected sender (VoIP provider). I am less sure > about atlas.net.tr, but it is probably genuine and expected by > recipient too. Unwanted ones I have not bothered to report here. > > I don't require encryption on p

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Dominic Raferd
On 29 April 2018 at 08:35, Viktor Dukhovni wrote: > > >> On Apr 29, 2018, at 3:28 AM, @lbutlr wrote: >> >> It appears that Swiss domain uses Google for their email: >> >> finarea.ch. 21599 IN MX 20 alt2.aspmx.l.google.com. >> finarea.ch. 21599 IN MX 30

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Viktor Dukhovni
> On Apr 29, 2018, at 3:28 AM, @lbutlr wrote: > > It appears that Swiss domain uses Google for their email: > > finarea.ch. 21599 IN MX 20 alt2.aspmx.l.google.com. > finarea.ch. 21599 IN MX 30 aspmx2.googlemail.com. > finarea.ch. 21599 IN

Re: warning: TLS library problem - messages in log

2018-04-29 Thread @lbutlr
On 29 Apr 2018, at 01:18, Dominic Raferd wrote: > I've now found similar fall-backs for atlas.net.tr (Turkish service > provider) - same TLS problem 'error:1408A10B:SSL > routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:'. I > guess that (in both cases) this is because the incomin

Re: warning: TLS library problem - messages in log

2018-04-29 Thread Dominic Raferd
fix/smtpd[6043]: connect from smtp1.finarea.ch[77.72.174.188] 2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: SSL_accept error from smtp1.finarea.ch[77.72.174.188]: -1 2018-03-26 00:29:22 ourdomain postfix/smtpd[6043]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wro

Re: warning: TLS library problem - messages in log

2018-04-28 Thread Viktor Dukhovni
> On Apr 28, 2018, at 3:40 AM, Dominic Raferd wrote: > > So far I have one genuine sender that is failing TLS, but upon > checking I see that it falls back to cleartext. It'd be interesting to know why that particular sender is having trouble. Can you provide more detail? Some senders have S

Re: warning: TLS library problem - messages in log

2018-04-28 Thread Dominic Raferd
On 27 April 2018 at 17:17, Viktor Dukhovni wrote: > > >> On Apr 27, 2018, at 2:22 AM, Dominic Raferd wrote: >> >> $ grep -a "warning: TLS library problem" /var/log/mail.log.1 >> /var/log/mail.log|grep -o "error:.*"|sort|uniq -c|sort -nr >>

Re: warning: TLS library problem - messages in log

2018-04-27 Thread Viktor Dukhovni
> On Apr 27, 2018, at 2:22 AM, Dominic Raferd wrote: > > $ grep -a "warning: TLS library problem" /var/log/mail.log.1 > /var/log/mail.log|grep -o "error:.*"|sort|uniq -c|sort -nr > 12 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version &g

Re: warning: TLS library problem - messages in log

2018-04-27 Thread Dominic Raferd
On 27 April 2018 at 08:57, Poliman - Serwis wrote: > 2018-04-27 8:22 GMT+02:00 Dominic Raferd : >> >> I have always received a number of warning messages (from >> postfix/smtpd) stating 'TLS library problem' in my mail logs and I >> think they are always foll

Re: warning: TLS library problem - messages in log

2018-04-27 Thread Poliman - Serwis
messages (from > postfix/smtpd) stating 'TLS library problem' in my mail logs and I > think they are always followed by a dropped incoming connection. I > have hitherto assumed that they reflect a badly-configured (probably > spamming) foreign client/host, but the messages

warning: TLS library problem - messages in log

2018-04-26 Thread Dominic Raferd
I have always received a number of warning messages (from postfix/smtpd) stating 'TLS library problem' in my mail logs and I think they are always followed by a dropped incoming connection. I have hitherto assumed that they reflect a badly-configured (probably spamming) foreign client

Re: warning: TLS library problem

2018-01-25 Thread Matus UHLAR - fantomas
On Jan 24, 2018, at 9:25 PM, li...@lazygranch.com wrote: postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640: Should I be blocking some encryption method? I thought openssl dropped support for the hackable

Re: warning: TLS library problem

2018-01-24 Thread Viktor Dukhovni
> On Jan 24, 2018, at 9:25 PM, li...@lazygranch.com wrote: > > postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL > routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640: > > Should I be blocking some encryption method? I thought openssl dropped

warning: TLS library problem

2018-01-24 Thread li...@lazygranch.com
postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640: Should I be blocking some encryption method? I thought openssl dropped support for the hackable protocols.

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-26 Thread lists
>> thanks, both were from same no hostname IP address >> >> # host 125.212.217.214 >> Host 214.217.212.125.in-addr.arpa. not found: 3(NXDOMAIN) > > According to "whois" that's an IP address in Vietnam... > well, we have about 20+ users located in Bangkok (whilst server is in Aus), so I'd guess con

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread lists
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > > With Postfix 2.11 or later, just leave this empty, session tickets work > better. Viktor, thanks does 'leave empty' means have it present on main.cf up to '=' ? as so ? smtpd_tls_session_cache_database =

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread Viktor Dukhovni
> On Dec 26, 2017, at 1:39 AM, li...@sbt.net.au wrote: Overall quite standard. Nothing to worry about. > smtpd_tls_session_cache_timeout = 36000s 10 hours is perhaps too long to be useful. Just let the default stand. > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread Viktor Dukhovni
> On Dec 26, 2017, at 1:34 AM, li...@sbt.net.au wrote: > >> >> Generally no. There are some SMTP clients that both TLS, s/both/botch/ Hope that's less confusing. >> they'll either retry in the clear, or they are likely shoddy >> spamware. >> Other log messages will show the IP addre

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread lists
>> On Dec 25, 2017, at 8:57 PM, li...@sbt.net.au wrote: > This of course assumes you've not configured particularly exotic TLS > settings on your end. Viktor, thanks again, I hope it's not exotic, not to my knowledge, anyhow: that that show what it is ? suggestions and corrections appreciated

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread lists
disconnect from unknown[125.212.217.214] ehlo=1 starttls=1 commands=2 Dec 25 08:39:24 geko postfix/smtpd[9701]: SSL_accept error from unknown[125.212.217.214]: -1 Dec 25 08:39:24 geko postfix/smtpd[9701]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version

Re: TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread Viktor Dukhovni
> On Dec 25, 2017, at 8:57 PM, li...@sbt.net.au wrote: > > anything to worry about ? Generally no. There are some SMTP clients that both TLS, they'll either retry in the clear, or they are likely shoddy spamware. > # grep 'TLS library problem' /var/log/maillog* &

TLS library problem: error:140760FC:SSL routines, is it a problem ?

2017-12-25 Thread lists
whilst installing/configuring 2.1 to 3.2.x migration (using 2.1 main/master on 3.2 install), noticed these errors: anything to worry about ? # grep 'TLS library problem' /var/log/maillog* /var/log/maillog:Dec 25 08:39:21 geko postfix/smtpd[9701]: warning: TLS library problem: error:14

Re: SSL_accept error/TLS library problem

2016-03-08 Thread Viktor Dukhovni
On Tue, Mar 08, 2016 at 10:10:13AM +0100, Thomas Keller wrote: > postfix/smtpd[2608]: connect from 61-216-2-13.HINET-IP.hinet.net[61.216.2.13] A compromised botnet machine is connecting to your Postfix server. > postfix/smtpd[2608]: warning: TLS library problem: 2608:error:1408F1

SSL_accept error/TLS library problem

2016-03-08 Thread Thomas Keller
could somebody please explain what these errors mean ? postfix/smtpd[2608]: connect from 61-216-2-13.HINET-IP.hinet.net[61.216.2.13] postfix/smtpd[2608]: SSL_accept error from 61-216-2-13.HINET-IP.hinet.net[61.216.2.13]: -1 postfix/smtpd[2608]: warning: TLS library problem: 2608:error

Re: TLS library problem

2015-02-19 Thread steve
> 2 of large size or quantity; generous or abundant:   Definitely meant as above. Steve

Re: TLS library problem

2015-02-19 Thread Viktor Dukhovni
On Thu, Feb 19, 2015 at 04:29:51PM -, st...@thornet.co.uk wrote: > Thanks very much for your fulsome response. > I'll do some more checking Note: :-) fulsome: adjective 1 complimentary or flattering to an excessive degree: 'the press are embarrassingly fulsome in their appreci

Re: TLS library problem

2015-02-19 Thread steve
> * This is logged by your smtpd(8) server. > > * A small set of organizations operate remote SMTP clients that > trigger this warning when sending email to you. Most inbound > mail uses TLS without generating said warning. > [snip] Viktor Thanks very much for your fulsome

Re: TLS library problem

2015-02-19 Thread Viktor Dukhovni
On Thu, Feb 19, 2015 at 03:53:13PM -, st...@thornet.co.uk wrote: > We have lots of these in the logs > > warning: TLS library problem:15696:error:14094416: > SSL routines:SSL3_READ_BYTES: > sslv3 alert certificate unknown: > s3_pkt.c:1256: > SSL alert numbe

Re: TLS library problem

2015-02-19 Thread li...@rhsoft.net
On 19.02.2015 at 16:53, st...@thornet.co.uk wrote: We have lots of these in the logs warning: TLS library problem: 15696:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1256:SSL alert number 46: Should I be worried? without the related loglines above

TLS library problem

2015-02-19 Thread steve
We have lots of these in the logs warning: TLS library problem: 15696:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1256:SSL alert number 46: Should I be worried ? Thanks Steve

Re: TLS Library Problem

2015-02-01 Thread Viktor Dukhovni
On Sun, Feb 01, 2015 at 11:42:30PM +0100, li...@rhsoft.net wrote: > >For MSAs offering service to Joe Public, sure you'll want a CA-issued > >cert. > > I only referred to "the interval between expiry is long enough that I get to > learn everything over from first principles every time I have to r

Re: TLS Library Problem

2015-02-01 Thread li...@rhsoft.net
On 01.02.2015 at 23:15, Viktor Dukhovni wrote: On Sun, Feb 01, 2015 at 10:32:53PM +0100, li...@rhsoft.net wrote: just make it once in your lifetime, create a template for default params and a script with minimal maintenance like for hash-method and keylength - the script below in any case bui

Re: TLS Library Problem

2015-02-01 Thread Viktor Dukhovni
On Sun, Feb 01, 2015 at 10:32:53PM +0100, li...@rhsoft.net wrote: > just make it once in your lifetime, create a template for default params and > a script with minimal maintenance like for hash-method and keylength - the > script below in any case builds a self signed PEM with key and cert as we

Re: TLS Library Problem

2015-02-01 Thread li...@rhsoft.net
On 01.02.2015 at 22:26, LuKreme wrote: On 01 Feb 2015, at 05:41 , DTNX Postmaster wrote: By the way, CA-signed certificates start at less than $10/year, so if you ever do run into an issue which might be resolved by getting one, and your configuration isn't too complex, I would suggest spe

Re: TLS Library Problem

2015-02-01 Thread LuKreme
On 01 Feb 2015, at 05:41 , DTNX Postmaster wrote: > By the way, CA-signed certificates start at less than $10/year, so if you > ever do run into an issue which might be resolved by getting one, and your > configuration isn't too complex, I would suggest spending that little bit of > money. > >

Re: TLS Library Problem

2015-02-01 Thread Viktor Dukhovni
On Sun, Feb 01, 2015 at 02:13:46AM -0700, LuKreme wrote: > > Which confirms that the problem is with your SMTP server as expected. > > It does? Sorry, confirms that the problem is observed on the server side. The evidence to conclude which side is not there. However, both Postfix and OpenSSL ar

Re: TLS Library Problem

2015-02-01 Thread DTNX Postmaster
On 01 Feb 2015, at 10:13, LuKreme wrote: > On Jan 31, 2015, at 7:15 PM, Viktor Dukhovni > wrote: >> On Sat, Jan 31, 2015 at 05:16:33PM -0700, LuKreme wrote: >> >>> The start was just date stamp info and PID: >>> >>> Jan 31 01:52:10 mail postf

Re: TLS Library Problem

2015-02-01 Thread LuKreme
On Jan 31, 2015, at 7:15 PM, Viktor Dukhovni wrote: > On Sat, Jan 31, 2015 at 05:16:33PM -0700, LuKreme wrote: > >> The start was just date stamp info and PID: >> >> Jan 31 01:52:10 mail postfix/smtpd[62297]: warning: TLS library problem: >> error:14094412:SSL

Re: TLS Library Problem

2015-01-31 Thread Viktor Dukhovni
On Sat, Jan 31, 2015 at 05:16:33PM -0700, LuKreme wrote: > The start was just date stamp info and PID: > > Jan 31 01:52:10 mail postfix/smtpd[62297]: warning: TLS library problem: > error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad > certificate:s3_pkt.c:1293:SSL

Re: TLS Library Problem

2015-01-31 Thread LuKreme
On Jan 31, 2015, at 4:28 PM, Viktor Dukhovni wrote: > On Sat, Jan 31, 2015 at 03:34:35PM -0700, LuKreme wrote: > >> Since I am not seeing a load of these, I am assuming this is indicating the >> error is on the other end? >> >> TLS libra

Re: TLS Library Problem

2015-01-31 Thread Viktor Dukhovni
On Sat, Jan 31, 2015 at 03:34:35PM -0700, LuKreme wrote: > Since I am not seeing a load of these, I am assuming this is indicating the > error is on the other end? > > TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert > bad certificate:s3_pkt.c:1293:S

TLS Library Problem

2015-01-31 Thread LuKreme
Since I am not seeing a load of these, I am assuming this is indicating the error is on the other end? TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1293:SSL alert number 42: -- 'There has to be enough light,' he panted, &

Re: TLS library problem - handshake failure

2014-08-26 Thread Wietse Venema
> Any thoughts on next steps without having to contact the target > domains? I have read about disabling TLSEXT_TYPE_PADDING when > compiling OpenSSL - would this be my next step, or was this somehow > fixed in the releases we are using? Any other way I could simulate > this problem, as we have h
