We have logged this problem with some of our e-mail correspondents:

Jan 2 11:32:20 mx31 postfix-p25/smtpd[55167]: connect from rockmx03.rockwool.com[195.191.109.227]
Jan 2 11:32:20 mx31 postfix-p25/smtpd[55167]: SSL_accept error from rockmx03.rockwool.com[195.191.109.227]: -1
Jan 2 11:32:20 mx31 postfix-p25/smtpd[55167]: lost connection after STARTTLS from rockmx03.rockwool.com[195.191.109.227]
Jan 2 11:32:20 mx31 postfix-p25/smtpd[55167]: disconnect from rockmx03.rockwool.com[195.191.109.227] ehlo=1 starttls=0/1 commands=1/2

When I connect to the sender I see this:

openssl s_client -connect rockmx03.rockwool.com:25 -starttls smtp
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = DK, ST = Hedehusene, L = Hedehusene, OU = Group IT, O = Rockwool International A/S, CN = rockmx03.rockwool.com
verify return:1
---
Certificate chain
 0 s:C = DK, ST = Hedehusene, L = Hedehusene, OU = Group IT, O = Rockwool International A/S, CN = rockmx03.rockwool.com
   i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
 1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
. . .
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3348 bytes and written 492 bytes
Verification: OK
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1
    Cipher : ECDHE-RSA-AES256-SHA
    Session-ID: CE4800003053F9E7B2DC6821EE8E9FE2F362B9EDEB4751BB203252D637B32DB1
    Session-ID-ctx:
    Master-Key: D217D8A488ED2296FBA5C9889FE88238066B2E1FD50D41F54653CA2D046667F9164CD914C4E75DCAD0C4F0B0FB83E50E
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1577982813
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
250 CHUNKING
QUIT
DONE

We recently were forced by our PCI compliance audit to change our permissible ciphers. I speculate that this is the source of our problem.

Our revised cipher list is:

# postconf | grep tls | grep cipher
lmtp_tls_ciphers = medium
lmtp_tls_exclude_ciphers =
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = MD5, aDSS, SRP, PSK, aECDH, aDH, SEED, IDEA, RC2, RC4, RC5, DES, 3DES
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers =
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers =
tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH
tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_preempt_cipherlist = no
tls_session_ticket_cipher = aes-256-cbc
tlsproxy_tls_ciphers = $smtpd_tls_ciphers
tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers

If I try to connect to our MX using ECDHE-RSA-AES256-SHA this succeeds:

openssl s_client -cipher ECDHE-RSA-AES256-SHA -connect mx31.harte-lyne.ca:25 -starttls smtp -CAfile /usr/local/etc/pki/tls/certs/ca-bundle.crt
CONNECTED(00000003)
. . .
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 8146 bytes and written 383 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 SMTPUTF8
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
. . .

I do not understand what the problem is; or rather how to fix the STARTTLS negotiation issue. I point out that this problem affects very few of our correspondents (two at the moment) and both are located in the EU.

I would appreciate any guidance as to how to correct this issue without running afoul of the PCI DSS.

Thanks,

--
***          e-Mail is NOT a SECURE channel          ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
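
An added example, not part of the original message: a Python triage of the two kinds of evidence quoted above. It lists peers whose smtpd session summary shows a failed STARTTLS and checks whether an openssl s_client test actually negotiated the cipher passed with -cipher; in OpenSSL 1.1.1 and later that option does not govern TLSv1.3 suites. The function names are illustrative and the sample input is copied from the message.

```python
import re

# Constructed sample input: lines copied from the message above.
SMTPD_LOG = """\
Jan 2 11:32:20 mx31 postfix-p25/smtpd[55167]: connect from rockmx03.rockwool.com[195.191.109.227]
Jan 2 11:32:20 mx31 postfix-p25/smtpd[55167]: SSL_accept error from rockmx03.rockwool.com[195.191.109.227]: -1
Jan 2 11:32:20 mx31 postfix-p25/smtpd[55167]: lost connection after STARTTLS from rockmx03.rockwool.com[195.191.109.227]
Jan 2 11:32:20 mx31 postfix-p25/smtpd[55167]: disconnect from rockmx03.rockwool.com[195.191.109.227] ehlo=1 starttls=0/1 commands=1/2
"""
PEER_OUTPUT = "New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA\n    Protocol  : TLSv1\n"
SELF_TEST_OUTPUT = "New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384\n"

# Postfix session summary: "starttls=ok/total" appears only when some attempt failed.
SUMMARY = re.compile(r"disconnect from ([^\s\[]+)\[([0-9A-Fa-f.:]+)\].*\bstarttls=(\d+)/(\d+)")

def failed_starttls(log_text):
    """Return {(host, ip): failed STARTTLS attempts} from smtpd disconnect lines."""
    failures = {}
    for m in SUMMARY.finditer(log_text):
        host, ip = m.group(1), m.group(2)
        ok, total = int(m.group(3)), int(m.group(4))
        if ok < total:
            failures[(host, ip)] = failures.get((host, ip), 0) + (total - ok)
    return failures

def negotiated(text):
    """(protocol, cipher) reported by s_client, or None without a handshake summary."""
    new = re.search(r"^New, (\S+), Cipher is (\S+)", text, re.M)
    if not new:
        return None
    # "Protocol :" is the negotiated version; the version on the "New," line
    # belongs to the cipher suite, so it is only used as a fallback.
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", text, re.M)
    return (proto.group(1) if proto else new.group(1), new.group(2))

def reproduces(requested_cipher, text):
    """True only if the test handshake really used the requested cipher."""
    result = negotiated(text)
    return result is not None and result[1] == requested_cipher

if __name__ == "__main__":
    for (host, ip), count in failed_starttls(SMTPD_LOG).items():
        print(f"{host} [{ip}]: {count} failed STARTTLS")
    print("peer as server:", negotiated(PEER_OUTPUT))
    print("self test     :", negotiated(SELF_TEST_OUTPUT))
    print("self test used requested cipher:",
          reproduces("ECDHE-RSA-AES256-SHA", SELF_TEST_OUTPUT))
```

On the quoted output the self test negotiated TLSv1.3 with TLS_AES_256_GCM_SHA384, so it did not exercise ECDHE-RSA-AES256-SHA over TLSv1.0 as the peer's own server does. Adding s_client's -tls1 option to that command restricts the test handshake to TLSv1.0.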