Roland Freikamp:
> On 2020-05-15 12:56:18 -0400, Wietse Venema wrote:
> > Roland Freikamp:
> > > Hi,
> > >
> > > I recently upgraded my mailserver-linux-system, which also upgraded
> > > Postfix
> > > from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt).
> > > The Postfix-configuration did not change.
> > > Since then, some mails could not be delivered to my server, because it
> > > seems that the mailservers could not agree on a TLS algorithm:
> > >
> > > postfix/smtpd[17880]: connect from ...[...]
> > > postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
> > > postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL
> > > routines:tls_post_process_client_hello:no shared
> > > cipher:ssl/statem/statem_srvr.c:2282:
> > > postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
> > > postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1
> > > commands=1/2
> > >
> > > Setting "smtpd_tls_ciphers = low" did not help; the only way to receive
> > > the mails was disabling TLS completely ("smtpd_tls_security_level =
> > > none").
> > > But I would like to enable TLS again.
> > >
> > > Do you know what the reason could be and how it could be fixed?
> > > (Change in Postfix default configuration? Bad certificate? Bad TLS
> > > library?
> > > Bad TLS on other mailserver?)
> >
> > The crystal ball isn't working. What is the output from:
> > postconf -nf | grep tls
grepp'ed with 'ciphers':
> smtp_tls_ciphers = medium
> smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA
> smtp_tls_mandatory_ciphers = medium
> tls_preempt_cipherlist = yes
Before asking for help, try removing those settings.
Wietse
