Hello,
can someone explain to me why the 1st connection to the remote MX fails and
the 2nd connection is successful?
Is this a kind of fallback?
Thank you very much.
Jan 25 21:14:56 mx00 postfix/smtp[212676]:
mxin.upcmail.net[213.46.255.45]:25: TLS cipher list
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
Jan 25 21:14:56 mx00 postfix/smtp[212676]: looking for session
smtp&unity-mail.de&mxin.upcmail.net&213.46.255.45&&77D8B78F5DA897AD64E46B0DA492CFBF7D937A85DC5EDD2EF07C44795165A9E1
in smtp cache
Jan 25 21:14:56 mx00 postfix/tlsmgr[5623]: lookup smtp session
id=smtp&unity-mail.de&mxin.upcmail.net&213.46.255.45&&77D8B78F5DA897AD64E46B0DA492CFBF7D937A85DC5EDD2EF07C44795165A9E1
Jan 25 21:14:56 mx00 postfix/smtp[212676]: SSL3 alert
read:fatal:handshake failure
Jan 25 21:14:56 mx00 postfix/smtp[212676]: SSL_connect:error in error
Jan 25 21:14:56 mx00 postfix/smtp[212676]: SSL_connect error to
mxin.upcmail.net[213.46.255.45]:25: -1
Jan 25 21:14:56 mx00 postfix/smtp[212676]: warning: TLS library problem:
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake
failure:../ssl/record/rec_layer_s3.c:1543:SSL alert number 40:
Jan 25 21:14:56 mx00 postfix/smtp[212676]: remove session
smtp&unity-mail.de&mxin.upcmail.net&213.46.255.45&&77D8B78F5DA897AD64E46B0DA492CFBF7D937A85DC5EDD2EF07C44795165A9E1
from client cache
Jan 25 21:14:56 mx00 postfix/tlsmgr[5623]: delete smtp session
id=smtp&unity-mail.de&mxin.upcmail.net&213.46.255.45&&77D8B78F5DA897AD64E46B0DA492CFBF7D937A85DC5EDD2EF07C44795165A9E1
Jan 25 21:14:56 lnxs001 postfix/smtp[212676]: 4DPh17737gz9rxf:
to=<us...@unity-mail.de>, relay=mxin.upcmail.net[213.46.255.45]:25,
delay=4.9, delays=4.1/0.24/0.6/0, dsn=4.7.5, status=deferred (Cannot
start TLS: handshake failure)
Jan 25 21:14:56 mx00 postfix/smtp[212676]: 4DPh17737gz9rxf:
to=<us...@unity-mail.de>, relay=mxin.upcmail.net[213.46.255.45]:25,
delay=4.9, delays=4.1/0.24/0.6/0, dsn=4.7.5, status=deferred (Cannot
start TLS: handshake failure)
Jan 25 21:23:22 mx00 postfix/smtp[213255]:
mxin.upcmail.net[213.46.255.45]:25: TLS cipher list
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
Jan 25 21:23:22 mx00 postfix/smtp[213255]: looking for session
smtp&unity-mail.de&mxin.upcmail.net&213.46.255.45&&77D8B78F5DA897AD64E46B0DA492CFBF7D937A85DC5EDD2EF07C44795165A9E1
in smtp cache
Jan 25 21:23:22 mx00 postfix/tlsmgr[5623]: lookup smtp session
id=smtp&unity-mail.de&mxin.upcmail.net&213.46.255.45&&77D8B78F5DA897AD64E46B0DA492CFBF7D937A85DC5EDD2EF07C44795165A9E1
Jan 25 21:23:22 mx00 postfix/smtp[213255]: SSL_connect:before SSL
initialization
Jan 25 21:23:22 mx00 postfix/smtp[213255]: SSL_connect:SSLv3/TLS write
client hello
Jan 25 21:23:22 mx00 postfix/smtp[213255]: SSL3 alert
read:fatal:handshake failure
Jan 25 21:23:22 mx00 postfix/smtp[213255]: SSL_connect:error in error
Jan 25 21:23:22 mx00 postfix/smtp[213255]: SSL_connect error to
mxin.upcmail.net[213.46.255.45]:25: -1
Jan 25 21:23:22 mx00 postfix/smtp[213255]: warning: TLS library problem:
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake
failure:../ssl/record/rec_layer_s3.c:1543:SSL alert number 40:
Jan 25 21:23:22 mx00 postfix/smtp[213255]: remove session
smtp&unity-mail.de&mxin.upcmail.net&213.46.255.45&&77D8B78F5DA897AD64E46B0DA492CFBF7D937A85DC5EDD2EF07C44795165A9E1
from client cache
Jan 25 21:23:22 mx00 postfix/tlsmgr[5623]: delete smtp session
id=smtp&unity-mail.de&mxin.upcmail.net&213.46.255.45&&77D8B78F5DA897AD64E46B0DA492CFBF7D937A85DC5EDD2EF07C44795165A9E1
Jan 25 21:23:22 mx00 postfix/smtp[213255]: 4DPh17737gz9rxf: Cannot start
TLS: handshake failure
Jan 25 21:23:22 mx00 postfix/smtp[213255]: Host offered STARTTLS:
[mxin.upcmail.net]
Jan 25 21:23:22 mx00 postfix/smtp[213255]: 4DPh17737gz9rxf:
to=<us...@unity-mail.de>, relay=mxin.upcmail.net[213.46.255.45]:25,
delay=511, delays=510/0.05/0.23/0.38, dsn=2.0.0, status=sent (250 2.0.0
MXIN650 mail accepted for delivery
;id=48OQluXZa2HRF48OQlKqf2;sid=48OQluXZa2HRF;mta=vie01a-pemc-pmxin-pe11;dt=2021-01-25T21:23:22+01:00;ipsrc=85.183.142.13;)
Jan 25 21:23:22 mx00 postfix/smtp[213255]: 4DPh17737gz9rxf:
to=<us...@unity-mail.de>, relay=mxin.upcmail.net[213.46.255.45]:25,
delay=511, delays=510/0.05/0.23/0.38, dsn=2.0.0, status=sent (250 2.0.0
MXIN650 mail accepted for delivery
;id=48OQluXZa2HRF48OQlKqf2;sid=48OQluXZa2HRF;mta=vie01a-pemc-pmxin-pe11;dt=2021-01-25T21:23:22+01:00;ipsrc=85.183.142.13;)
postconf mail_version
mail_version = 3.4.13
# TLS
tls_append_default_CA = yes
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
lmtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
tls_random_source = dev:/dev/urandom
tls_ssl_options = NO_COMPRESSION,0x40000000
tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
# outgoing TLS
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = high
smtp_tls_loglevel = 2
smtp_tls_cert_file = /var/certs/backschues.net/cert.pem
smtp_tls_key_file = /var/certs/backschues.net/privkey.pem
smtp_tls_CAfile = /var/certs/backschues.net/chain.pem
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_policy_maps = hash:${config_directory}/policies/tls_policy_outgoing.hash,socketmap:inet:127.0.0.1:8461:postfix
cipher list mxin.upcmail.net:
TLSv1.2:
| ciphers:
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| Forward Secrecy not supported by any cipher
--
Kind Regards
Jörg Backschues
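
Added example, not part of the original post: a small Python check that compares the cipher list Postfix logged for this destination with the server cipher scan pasted above. The function names and the IANA-to-OpenSSL name translation (limited to TLS 1.2 AES and CHACHA20 suites) are assumptions of this sketch.

```python
import re

# Both inputs are copied from the post (the wrapped log line is re-joined).
POSTFIX_LOG = (
    'Jan 25 21:14:56 mx00 postfix/smtp[212676]: mxin.upcmail.net[213.46.255.45]:25: '
    'TLS cipher list "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:'
    'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:'
    'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"'
)
SERVER_SCAN = """\
TLSv1.2:
| ciphers:
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
"""

def client_ciphers(log_line):
    """Cipher names (OpenSSL notation) from a Postfix 'TLS cipher list' log line."""
    m = re.search(r'TLS cipher list "([^"]+)"', log_line)
    return m.group(1).split(":") if m else []

def iana_to_openssl(name):
    """Translate a TLS 1.2 AES/CHACHA20 suite name from IANA to OpenSSL notation."""
    m = re.fullmatch(r"TLS_(?:(ECDHE|DHE)_(RSA|ECDSA)|RSA)_WITH_(.+)", name)
    if not m:
        return None  # outside the suite families this sketch handles
    kx, auth, rest = m.groups()
    rest = rest.replace("AES_", "AES").replace("_CBC_", "_")
    if rest.startswith("CHACHA20"):
        rest = "CHACHA20_POLY1305"  # OpenSSL drops the _SHA256 suffix
    prefix = f"{kx}-{auth}-" if kx else ""  # static RSA has no prefix in OpenSSL
    return prefix + rest.replace("_", "-")

def server_ciphers(scan_text):
    """OpenSSL-notation names of the suites listed in the scan output."""
    names = re.findall(r"\bTLS_[A-Z0-9_]+\b", scan_text)
    return [c for c in map(iana_to_openssl, names) if c]

def key_exchange(openssl_name):
    """ECDHE or DHE if the name starts with it, otherwise static RSA."""
    first = openssl_name.split("-")[0]
    return first if first in ("ECDHE", "DHE") else "RSA"

def compare(log_line, scan_text):
    """Return (shared suites, client key exchanges, server key exchanges)."""
    client, server = client_ciphers(log_line), server_ciphers(scan_text)
    shared = sorted(set(client) & set(server))
    return shared, {key_exchange(c) for c in client}, {key_exchange(c) for c in server}

if __name__ == "__main__":
    print(compare(POSTFIX_LOG, SERVER_SCAN))
```

For the inputs from the post the shared list is empty: the client offers only ECDHE suites and the scanned server lists only static-RSA suites, which is consistent with the handshake failure alert (number 40) in the log.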