On 2/17/2022 12:38 AM, P.V.Anthony wrote:
Hi,
Cannot receive email from ansmtp.ariba.com[216.109.104.12]
The following error is in the log.
----------- start --------------
Feb 14 18:26:22 mail postfix/smtpd[210806]: SSL_accept:SSLv3/TLS
write server done
Feb 14 18:26:22 mail postfix/smtpd[210806]: SSL_accept:error in
SSLv3/TLS write server done
Feb 14 18:26:22 mail postfix/smtpd[210806]: SSL_accept error from
ansmtp.ariba.com[216.109.104.12]: Connection reset by peer
Feb 14 18:26:22 mail postfix/smtpd[210806]: lost connection after
STARTTLS from ansmtp.ariba.com[216.109.104.12]
------------ end ---------------
Assuming the error is on their end and so decided to use
smtp_tls_policy_maps to set tls_security_level for that domain to none.
smtp_tls_policy_maps is for sending mail, not receiving.
The fix is to tell your postfix to not offer STARTTLS in the EHLO
response, using smtpd_discard_ehlo_keyword_address_maps
http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
something like:
# main.cf
smtpd_discard_ehlo_keyword_address_maps =
cidr:/etc/postfix/discard_ehlo_keyword_map.cidr
# /etc/postfix/discard_ehlo_keyword_map.cidr
216.109.104.12 starttls
-- Noel Jones