Dear co-listers,
I'm seeing an increase of SSL/TLS errors for incoming emails to our
service over the last few weeks.
Example from Mailjet, which is (I suppose) able to send email in TLS 1.2
or 1.3 instead of SSLv3:
2023-09-11T21:19:31.079142+02:00 mx4 postfix/smtpd[633448]: SSL_accept
error from o176.p8.mailjet.com[87.253.233.176]: -1
2023-09-11T21:19:31.079696+02:00 mx4 postfix/smtpd[633448]: warning: TLS
library problem: error:0A000412:SSL routines::sslv3 alert bad
certificate:../ssl/record/rec_layer_s3.c:1586:SSL alert number 42:
Another example from pphosted (ProofPoint):
2023-09-11T22:47:26.494799+02:00 mx1 postfix/smtpd[850937]: SSL_accept
error from mx0a-000e4101.pphosted.com[67.231.144.73]: -1
2023-09-11T22:47:26.496119+02:00 mx1 postfix/smtpd[850937]: warning: TLS
library problem: error:0A0000C1:SSL routines::no shared
cipher:../ssl/statem/statem_srvr.c:2220:
Even if 99% of SMTP transactions are fine, I'm still wondering if
something is not wrong on my side and I prefer to double check, and get
your suggestions.
On my side, with any recent system, I can successfully initiate an
openssl connection with this:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Can you check on your side that communication is OK with my servers? Do
I understand correctly that the servers of senders are guilty, and it's
not something on my side?
If needed, you can send a real test email to cont...@clean-mailbox.com
Our front SMTP IPs:
└─# host mx.clean-mailbox.com
mx.clean-mailbox.com has address 163.172.164.47
mx.clean-mailbox.com has address 45.63.114.93
mx.clean-mailbox.com has address 213.32.76.196
mx.clean-mailbox.com has address 51.178.81.41
mx.clean-mailbox.com has IPv6 address 2001:19f0:6801:10c:5400:ff:fe58:b68
mx.clean-mailbox.com has IPv6 address 2001:41d0:404:200::4d8f
mx.clean-mailbox.com has IPv6 address 2001:41d0:302:1000::500
Thank you!
Best regards,
Camille - Clean Mailbox
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
