I have a smtpd config, which has been running for >1 year without a hitch until now. All outgoing mail is forwarded to a remote SMTP server using a config similar to an example in smtpd.conf(5).
Forwarding is failing because of "handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure" (see below for more information). I'm running current (amd64) with an update frequency of ~twice a week. This error started popping up this weekend - before the libssl/libtls/libcrypto bump. Error remains after the bump. $ cat /etc/mail/smtpd.conf table aliases file:/etc/mail/aliases table secrets file:/etc/mail/secrets listen on lo0 action "local" mbox alias <aliases> action "relay" relay host smtp+tls://u...@smtp.ziggo.nl:587 auth <secrets> match from local for local action "local" match from local for any action "relay" I bisected libssl/libtls/libcrypto (checked all changes of the last 2 months) without solving my issue. I also checked smtpd, and found that eric@'s work on moving smtpd to libtls [0] is related to my issue. Reverting smtpd to a version prior to March 5 fixes it for me. Best guess - probably a stupid one - is that the remote host changed something causing SNI related issues. Hints on how to further investigate the above are appreciated! [0] https://marc.info/?l=openbsd-cvs&m=161494786013059&w=2 debug: scheduler: scheduling evp:2b97a598686ca143 debug: scheduler: evp:2b97a598686ca143 scheduled (mta) debug: mta: querying smarthost for relay:<dynamic:0>... debug: mta: querying smarthost debug: mta: ... got smarthost for 2b97a598686ca143: smtp+tls://u...@smtp.ziggo.nl:587 debug: mta: received evp:2b97a598686ca143 for <bjorn.ketela...@hydroxide.nl> debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=1, ntask=1, nconnector=0, nconn=0 debug: mta: querying secret for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]... debug: mta: querying MX for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]... debug: mta: [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] waiting for MX secret debug: control -> client: pipe closed debug: clearing p=client, fd=11, pid=0 debug: mta: ... got secret for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]: AGJrZXRAemlnZ28ubmwAREgmd2pQVyZkS3V3enA2a2wqKjM= debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=2, ntask=1, nconnector=0, nconn=0 debug: mta: [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] waiting for MX debug: MXs for domain smtp.ziggo.nl: 212.54.42.9 preference -1 debug: mta: ... got mx (0x4c260099920, smtp.ziggo.nl, [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]) debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=1, ntask=1, nconnector=0, nconn=0 debug: mta: querying source for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]... debug: mta: ... got source for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]: [] debug: mta: new [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x10000] debug: mta: connecting with [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0] debug: mta-routing: searching new route for [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0]... debug: mta-routing: selecting candidate route [] <-> 212.54.42.9 debug: mta-routing: spawning new connection on [] <-> 212.54.42.9 debug: mta: 0x4c2600b96d0: spawned for relay [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] debug: mta: connecting with [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0] debug: mta: cannot use [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] before 2s debug: mta-routing: no route available for [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0]: must wait a bit debug: mta: retrying to connect on [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0] in 2s... debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=3, ntask=1, nconnector=1, nconn=1 debug: mta: scheduling relay [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] in 1s... 9483c6637b224554 mta connecting address=smtp+tls://212.54.42.9:587 host=smtp.mail.gtm.iss.as9143.net 9483c6637b224554 mta connected debug: mta: 0x4c2600b96d0: IO error: handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure 9483c6637b224554 mta error reason=IO Error: handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure debug: mta: 0x4c2600b96d0: session done ...
