Hello! "@lbutlr" <krem...@kreme.com> schrieb am 19.07.20 um 06:33:10 Uhr:
> On 18 Jul 2020, at 07:25, ratatouille <ratatoui...@bitclusive.de> wrote: > > mail_version = 3.3.1 > > This is quite old. The current version of 3.3.x is 3.3.12. > > > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: > > p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]: TLS cipher list > > "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!aNULL" > > I don't see a line like this in my logs. Are you setting a custom set of > ciphers? This looks like tls_medium_cipherlist. This is smtpd_tls_loglevel = 2 No special cipherlist smtpd_tls_ciphers = medium smtpd_tls_mandatory_ciphers = medium > > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: SSL3 alert > > write:fatal:protocol version > > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: SSL_accept:error in error > > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: SSL_accept error from > > p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]: -1 > > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: warning: TLS library > > problem: error:14209102:SSL > > routines:tls_early_post_process_client_hello:unsupported > > protocol:ssl/statem/statem_srvr.c:1661: > > What does this look like owhen your Claws MIA connects? This is what I see with claws-mail MUA, smtpd_tls_loglevel = 1 Jul 19 22:41:37 dualbit1 postfix/smtpd[834008]: connect from p57b62c8e.dip0.t-ipconnect.de[87.182.44.142] Jul 19 22:41:37 dualbit1 postfix/smtpd[834008]: Anonymous TLS connection established from p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Jul 19 22:41:38 dualbit1 postfix/smtpd[834008]: 335E530E891C: client=p57b62c8e.dip0.t-ipconnect.de[87.182.44.142], sasl_method=CRAM-MD5, sasl_username=andr...@dualbit.de Jul 19 22:41:38 dualbit1 postfix/cleanup[834012]: 335E530E891C: message-id=<20200719224136.7349af0e@workstation.bitcorner.intern> Jul 19 22:41:38 dualbit1 postfix/qmgr[633245]: 335E530E891C: from=<andr...@dualbit.de>, size=745, nrcpt=1 (queue active) Jul 19 22:41:38 dualbit1 postfix/smtpd[834008]: disconnect from p57b62c8e.dip0.t-ipconnect.de[87.182.44.142] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8 Jul 19 22:41:44 dualbit1 postfix/smtp[834013]: Trusted TLS connection established to smtp.bitclusive.de[92.60.38.182]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Jul 19 22:41:45 dualbit1 postfix/smtp[834013]: 335E530E891C: host smtp.bitclusive.de[92.60.38.182] said: 450 4.2.0 <a.me...@bitclusive.de>: Recipient address rejected: Greylisted for 300 seconds (in reply to RCPT TO command) > But the basic answer is your android device and your mail server cannot find > a common secure protocol. This is normally caused by you restricting security > protocols or, less commonly, by a client that is trying to downgrade > security. I am pretty sure that you need to update you postfix and your > openssl (or whatever package you are using for TLS). I am not aware I restrict security protocls on this testserver. This android version is old, it's version 4.0.3. I had problems connecting to dovecot too and found out android is using TLSv1. > I am suspicious of your "SSL3" in there as that should absolutely not be > used, and the default in postfix is > > smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 Interestingly I don't have this problem with android connecting to a postfixserver 2.11.11. Andreas
