On Tue, Feb 06, 2024 at 06:50:28PM +0100, Maurizio Caloro via Postfix-users wrote:
> Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: > error:1417A0C1:SSL routines:tls_post_process_client_hello: > no shared cipher:../ssl/statem/statem_srvr.c:2283: This looks like a client connection to your server, that was mediated by tlsproxy(8) on behalf of postscreen(8). The remote client's TLS client hello message did not list any ciphers that are enabled in your configuation and supported by your server's underlying OpenSSL library. If the client were on the postscreen whitelist, the connection would have been immediately handed off to smtpd(8), well before STARTTLS. Therefore, this was either a blacklisted client, or else a "new" client, whose IP address has either expired from the cache or has never before connected. It could also, for example, be one of the security scanners (shodan, ...) that specifically tests deprecated ciphers. That said, you've provided no information about your configuration: https://www.postfix.org/DEBUG_README.html#mail so more specific advice is not possible. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org