Roland Freikamp: > On 2020-05-15 12:56:18 -0400, Wietse Venema wrote: > > Roland Freikamp: > > > Hi, > > > > > > I recently upgraded my mailserver-linux-system, which also upgraded > > > Postfix > > > from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt). > > > The Postfix-configuration did not change. > > > Since then, some mails could not be delivered to my server, because it > > > seems that the mailservers could not agree on a TLS algorithm: > > > > > > postfix/smtpd[17880]: connect from ...[...] > > > postfix/smtpd[17880]: SSL_accept error from ...[...]: -1 > > > postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL > > > routines:tls_post_process_client_hello:no shared > > > cipher:ssl/statem/statem_srvr.c:2282: > > > postfix/smtpd[17880]: lost connection after STARTTLS from ...[...] > > > postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1 > > > commands=1/2 > > > > > > Setting "smtpd_tls_ciphers = low" did not help; the only way to receive > > > the mails was disabling TLS completely ("smtpd_tls_security_level = > > > none"). > > > But I would like to enable TLS again. > > > > > > Do you know what the reason could be and how it could be fixed? > > > (Change in Postfix default configuration? Bad certificate? Bad TLS > > > library? > > > Bad TLS on other mailserver?) > > > > The crystal ball isn't working. What is the output from: > > postconf -nf | grep tls
grepp'ed with 'ciphers': > smtp_tls_ciphers = medium > smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA > smtp_tls_mandatory_ciphers = medium > tls_preempt_cipherlist = yes Before asking for help, try removing those settings. Wietse