On Thu, Feb 26, 2026 at 01:15:35PM +0000, Fehlauer, Norbert via mailop wrote:
> Hi John,
> 
> thanks for your answer.
> 
> I got another logfile from the sending side:

Removing all the line-breaks from that log dump is extremely unhelpful.
And what exactly is a manual connection with `s_client` expected to
demonstrate?

> # openssl s_client -starttls smtp -connect edge01.systema-online.de:25
> ...
> Peer signing digest: SHA256
> Peer signature type: RSA-PSS
> Server Temp Key: ECDH, secp384r1, 384 bits
> Verification: OK
> New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
...
> 250 SMTPUTF8
> ehlo mx.self-hosted.email
> 451 4.7.0 Timeout waiting for client input
> 40A7BCB1747C0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:316

Don't know how long the SSL client just sat there sending nothing, but
if that "451" from the server was sent in a matter of seconds, perhaps
the server's idle timeout is much too aggressive.

> Don’t know if you might find that helpful. But at least that’s openssl.

Mostly not useful, because not a mail client.  But, FWIW, when I repeat the
same "test", the ~60s timeout seems mostly reasonable:

    $ time openssl s_client -starttls smtp -connect edge01.systema-online.de:25 -brief
    Connecting to 2a00:0:2d41:2:178:15:145:73
    depth=1 C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA DV R36
    verify error:num=20:unable to get local issuer certificate
    CONNECTION ESTABLISHED
    Protocol version: TLSv1.2
    Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
    Peer certificate: CN=edge01.systema-online.de
    Hash used: SHA256
    Signature type: rsa_pss_rsae_sha256
    Verification error: unable to get local issuer certificate
    Peer Temp Key: ECDH, secp384r1, 384 bits
    250 XSHADOW
    451 4.7.0 Timeout waiting for client input
    4057FD39E87F0000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:698:
    4057FD39E87F0000:error:0A000197:SSL routines:SSL_shutdown:shutdown while in init:ssl/ssl_lib.c:2942:

    real    1m2.319s
    user    0m0.008s
    sys     0m0.006s

Is there an actual problem here, with someone unable to deliver email,
or is this just idle pursuit of oddities in your logs?  The usual thing to
do is just ignore these...  There's always someone probing your site,
or doing something odd...  If they can't deliver mail, they should
be able to tell you that mail to you is bouncing.  Otherwise nothing
to see here, move along???

-- 
    Viktor.  🇺🇦 Слава Україні!