Hello!

"@lbutlr" <krem...@kreme.com> wrote on 19.07.20 at 06:33:10:

> On 18 Jul 2020, at 07:25, ratatouille <ratatoui...@bitclusive.de> wrote:
> > mail_version = 3.3.1  
> 
> This is quite old. The current version of 3.3.x is 3.3.12.
> 
> > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: 
> > p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]: TLS cipher list 
> > "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!aNULL"  
> 
> I don't see a line like this in my logs. Are you setting a custom set of 
> ciphers? This looks like tls_medium_cipherlist.

This is smtpd_tls_loglevel = 2

No special cipherlist
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_ciphers = medium

> > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: SSL3 alert 
> > write:fatal:protocol version
> > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: SSL_accept:error in error
> > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: SSL_accept error from 
> > p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]: -1
> > Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: warning: TLS library 
> > problem: error:14209102:SSL 
> > routines:tls_early_post_process_client_hello:unsupported 
> > protocol:ssl/statem/statem_srvr.c:1661:  
> 
> What does this look like when your Claws MUA connects?

This is what I see with claws-mail MUA, smtpd_tls_loglevel = 1

Jul 19 22:41:37 dualbit1 postfix/smtpd[834008]: connect from 
p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]
Jul 19 22:41:37 dualbit1 postfix/smtpd[834008]: Anonymous TLS connection 
established from p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]: TLSv1.2 with 
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 19 22:41:38 dualbit1 postfix/smtpd[834008]: 335E530E891C: 
client=p57b62c8e.dip0.t-ipconnect.de[87.182.44.142], sasl_method=CRAM-MD5, 
sasl_username=andr...@dualbit.de
Jul 19 22:41:38 dualbit1 postfix/cleanup[834012]: 335E530E891C: 
message-id=<20200719224136.7349af0e@workstation.bitcorner.intern>
Jul 19 22:41:38 dualbit1 postfix/qmgr[633245]: 335E530E891C: 
from=<andr...@dualbit.de>, size=745, nrcpt=1 (queue active)
Jul 19 22:41:38 dualbit1 postfix/smtpd[834008]: disconnect from 
p57b62c8e.dip0.t-ipconnect.de[87.182.44.142] ehlo=2 starttls=1 auth=1 mail=1 
rcpt=1 data=1 quit=1 commands=8
Jul 19 22:41:44 dualbit1 postfix/smtp[834013]: Trusted TLS connection 
established to smtp.bitclusive.de[92.60.38.182]:25: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 19 22:41:45 dualbit1 postfix/smtp[834013]: 335E530E891C: host 
smtp.bitclusive.de[92.60.38.182] said: 450 4.2.0 <a.me...@bitclusive.de>: 
Recipient address rejected: Greylisted for 300 seconds (in reply to RCPT TO 
command)


> But the basic answer is your android device and your mail server cannot find 
> a common secure protocol. This is normally caused by you restricting security 
> protocols or, less commonly, by a client that is trying to downgrade 
> security. I am pretty sure that you need to update your postfix and your 
> openssl (or whatever package you are using for TLS).

I am not aware I restrict security protocols on this test server.

This android version is old, it's version 4.0.3. I had problems connecting to 
dovecot too and found out android is using TLSv1.

> I am suspicious of your "SSL3" in there as that should absolutely not be 
> used, and the default in postfix is
> 
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

Interestingly I don't have this problem with android connecting to a 
postfix server 2.11.11.

  Andreas
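
Added example (not part of the thread and not Postfix code): a small Python parser that correlates the smtpd log lines quoted above, so clients whose handshake is rejected with `unsupported protocol` can be listed next to the TLS versions that did negotiate. The sample input is the thread's own log lines unwrapped to one syslog line each; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Log lines taken from the thread above, unwrapped to one syslog line each.
SAMPLE_LOG = """\
Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: SSL_accept error from p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]: -1
Jul 18 14:55:12 dualbit1 postfix/smtpd[493943]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1661:
Jul 19 22:41:37 dualbit1 postfix/smtpd[834008]: Anonymous TLS connection established from p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
"""

SMTPD = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT_ERR = re.compile(r"SSL_accept error from \S+\[(?P<ip>[^\]]+)\]")
# OpenSSL error string: error:<code>:<library>:<function>:<reason>:<file>:<line>:
TLS_PROBLEM = re.compile(
    r"TLS library problem: error:[0-9A-Fa-f]+:[^:]*:[^:]*:(?P<reason>[^:]+):")
ESTABLISHED = re.compile(
    r"TLS connection established from \S+\[(?P<ip>[^\]]+)\]: (?P<proto>\S+) with cipher")


def summarize(log_text):
    """Map client IP -> {"ok": negotiated protocols, "failed": Counter of reasons}."""
    summary = defaultdict(lambda: {"ok": set(), "failed": Counter()})
    failed_peer = {}  # smtpd pid -> IP from the most recent SSL_accept error
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (e := ACCEPT_ERR.search(msg)):
            failed_peer[pid] = e["ip"]
        elif (p := TLS_PROBLEM.search(msg)) and pid in failed_peer:
            # The library warning names no client; attribute it via the pid.
            summary[failed_peer.pop(pid)]["failed"][p["reason"]] += 1
        elif (s := ESTABLISHED.search(msg)):
            summary[s["ip"]]["ok"].add(s["proto"])
    return dict(summary)


def legacy_clients(summary):
    """IPs with at least one handshake rejected as 'unsupported protocol'."""
    return sorted(ip for ip, s in summary.items()
                  if s["failed"]["unsupported protocol"])


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip in legacy_clients(result):
        print(ip, "negotiated:", sorted(result[ip]["ok"]),
              "failures:", dict(result[ip]["failed"]))
```

On the sample, the same address shows both outcomes, because the rejected handshake and the TLSv1.2 session in the thread's logs come from the same client IP.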
