On 17.06.2022 09:40, s wrote:
Hi
I have used Let's Encrypt certificates in OpenSMTPD (6.8.0p2-4+b2).
The OpenSSL package for Debian bookworm/sid was updated from
version 1.1.1o-1 to version 3.0.3-7. Now TLS no longer works and the
log includes, for example:
Jun 16 17:36:39 abc smtpd[1610]: 1cc7ae11a090164a smtp connected address=209.85.221.50 host=mail-wr1-f50.google.com
Jun 16 17:36:39 abc smtpd[1610]: 1cc7ae11a090164a smtp disconnected reason="io-error: error:0A080006:SSL routines::EVP lib"
Jun 17 02:01:30 abc smtpd[1610]: 1cc7b059a9080695 smtp connected address=203.147.7.226 host=<unknown>
Jun 17 02:01:31 abc smtpd[1610]: 1cc7b059a9080695 smtp disconnected reason="io-error: error:0A0C0103:SSL routines::internal error"
Everything worked with the old OpenSSL version. Is it worth checking
the mailserver-settings, the certificate, or trying to downgrade OpenSSL?
Relevant part of my smtpd.conf:
pki mail.domain.com cert "/etc/letsencrypt/live/mail.domain.com/fullchain.pem"
pki mail.domain.com key "/etc/letsencrypt/live/mail.domain.com/privkey.pem"
...
listen on eth0 tls pki mail.domain.com hostname mail.domain.com filter { "rdns", "fcrdn", "rspamd" }
listen on eth0 port 465 smtps pki mail.domain.com hostname mail.domain.com auth <passwds> filter "rspamd"
listen on eth0 port 587 tls-require pki mail.domain.com hostname mail.domain.com auth <passwds> filter "rspamd"
More info here:
https://github.com/OpenSMTPD/OpenSMTPD/issues/1171
Good luck
Reio