* Ralph Seichter via dovecot schrieb am 06.09.23 um 22:43 Uhr: > Hello, > > I cannot seem to send STARTTLS protected mail to talvi.dovecot.org, and > I was wondering if anybody else sees similar problems: > > Sep 6 22:29:10 ra postfix/smtp[15748]: SSL_connect error to > talvi.dovecot.org[94.237.105.223]:25: -1 > Sep 6 22:29:10 ra postfix/smtp[15748]: warning: TLS library problem: > error:0A000417:SSL routines::sslv3 alert illegal > parameter:../openssl-3.0.9/ssl/record/rec_layer_s3.c:1586:SSL alert number 47: > Sep 6 22:29:10 ra postfix/smtp[15748]: 1AAE4BE0031: Cannot start TLS: > handshake failure > Sep 6 22:29:10 ra postfix/smtp[15748]: SSL_connect error to > talvi.dovecot.org[2a04:3545:1000:720:acc1:5bff:fe5e:459]:25: -1 > Sep 6 22:29:10 ra postfix/smtp[15748]: warning: TLS library problem: > error:0A000417:SSL routines::sslv3 alert illegal > parameter:../openssl-3.0.9/ssl/record/rec_layer_s3.c:1586:SSL alert number 47: > Sep 6 22:29:10 ra postfix/smtp[15748]: 1AAE4BE0031: > to=<dovecot@dovecot.org>, > relay=talvi.dovecot.org[2a04:3545:1000:720:acc1:5bff:fe5e:459]:25, delay=1.6, > delays=0.02/0.01/1.6/0, dsn=4.7.5, status=deferred (Cannot start TLS: > handshake failure) > Sep 6 22:30:05 ra postfix/smtpd[15616]: timeout after END-OF-MESSAGE from > localhost[127.0.0.1] > Sep 6 22:30:05 ra postfix/smtpd[15616]: disconnect from localhost[127.0.0.1] > ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5 > > The originating server uses Postfix 3.8.2 and OpenSSL library > 3.0.9. To be able to send messages to dovecot.org at all, I had to use > Postfix's "smtp_tls_policy_maps" setting to explicitly disable TLS for > this destination domain.
Your openssl-3.0.9 (I suppose gentoo stable?) will not allow TLSv1 or sslv3 connections bei default anymore. Wild guess: you need to explicitely allow for example DEFAULT@SECLEVEL=0 ciphersuite in postfix to make *your* openssl accept this remote sslv3 connection Cheers -Marc -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief Aufsichtsratsvorsitzender: Florian Kirstein _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
