On 2022-04-09 at 02:52:54 UTC-0400 (Sat, 9 Apr 2022 08:52:54 +0200)
Admin Beckspaced <ad...@beckspaced.com>
is rumored to have said:

Dear Postfix users,

a client told me they don't receive emails from a specific client.

A look in the mail server logs reveals the following:

Apr  8 09:53:07 cx20 postfix/smtpd[5402]: connect from mail.euronet-ag.de[195.14.239.4]
Apr  8 09:53:07 cx20 postfix/smtpd[5402]: SSL_accept error from mail.euronet-ag.de[195.14.239.4]: -1
Apr  8 09:53:07 cx20 postfix/smtpd[5402]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2260:
Apr  8 09:53:07 cx20 postfix/smtpd[5402]: lost connection after STARTTLS from mail.euronet-ag.de[195.14.239.4]

In the email from my client I also see error messages from a Microsoft Exchange server.
So I suppose it's a MS Exchange. Perhaps an ancient version?

Shodan says that IP is running IIS/8.5, which is about a decade old.

How could I fix this?

According to https://www.ssllabs.com/ssltest/analyze.html?d=mail.euronet-ag.de the IIS server on port 443 on that IP (which presents an OWA login screen) only supports TLS through 1.2 and only supports CBC ciphersuites.

Default Postfix config for 3.7 with a reasonably current OpenSSL should work with this. If you have tightened up your TLS configuration to require TLS 1.3 or to not use CBC ciphersuites, that could explain the problem.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
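
To see which sending hosts are hitting the handshake failure quoted in the thread above, the smtpd log lines can be correlated by process ID, since the "TLS library problem" warning itself names no peer. This is an added example, not part of the original messages; the function name tls_handshake_failures and the mx.example.net session are constructed for illustration.

```python
import re
from collections import defaultdict

# The first four lines are the log excerpt quoted in the thread; the last
# three are constructed here to show a session that negotiates TLS fine.
SAMPLE_LOG = """\
Apr  8 09:53:07 cx20 postfix/smtpd[5402]: connect from mail.euronet-ag.de[195.14.239.4]
Apr  8 09:53:07 cx20 postfix/smtpd[5402]: SSL_accept error from mail.euronet-ag.de[195.14.239.4]: -1
Apr  8 09:53:07 cx20 postfix/smtpd[5402]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2260:
Apr  8 09:53:07 cx20 postfix/smtpd[5402]: lost connection after STARTTLS from mail.euronet-ag.de[195.14.239.4]
Apr  8 09:54:10 cx20 postfix/smtpd[5410]: connect from mx.example.net[192.0.2.25]
Apr  8 09:54:10 cx20 postfix/smtpd[5410]: Anonymous TLS connection established from mx.example.net[192.0.2.25]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Apr  8 09:54:11 cx20 postfix/smtpd[5410]: disconnect from mx.example.net[192.0.2.25] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

# An smtpd process serves one client at a time, so the PID ties the warning
# (which has no peer in it) to the SSL_accept error logged just before it.
LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER = re.compile(r"SSL_accept error from (?P<host>\S+)\[(?P<ip>[^\]]+)\]")
REASON = re.compile(r"TLS library problem: error:[0-9A-Fa-f]+:SSL routines:[^:]*:(?P<reason>[^:]+):")

def tls_handshake_failures(log_text):
    """Return {(host, ip): {reason: count}} for failed inbound TLS handshakes."""
    last_peer = {}  # smtpd pid -> peer named in the most recent SSL_accept error
    failures = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        peer = PEER.search(msg)
        if peer:
            last_peer[pid] = (peer.group("host"), peer.group("ip"))
            continue
        reason = REASON.search(msg)
        if reason and pid in last_peer:
            failures[last_peer.pop(pid)][reason.group("reason")] += 1
    return {peer: dict(reasons) for peer, reasons in failures.items()}

if __name__ == "__main__":
    for (host, ip), reasons in tls_handshake_failures(SAMPLE_LOG).items():
        print(f"{host} [{ip}]: {reasons}")
```

A peer that shows up here with "no shared cipher" is a candidate for the mismatch described above: compare what it offers against the server's configured TLS protocols and ciphers.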
