• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Issue TLS Errors in maillog

Staniel

Staniel

New Pleskian
Hello,

I have had one of my client's contact me regarding non-delivery of emails from a certain email address I have checked the MagicSpam logs and I can't see any mail being stopped in the SMTP layer. I have checked the maillog and I have found several instances in the log:

Code: 
Mar  1 03:39:20 ocelot postfix/smtpd[13958]: SSL_accept error from server2.vykupto.info[103.129.47.73]: -1
Mar  1 03:39:20 ocelot postfix/smtpd[13958]: warning: TLS library problem: 13958:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
Mar  1 03:39:20 ocelot postfix/smtpd[13958]: lost connection after STARTTLS from server2.vykupto.info[103.129.47.73]
Mar  1 03:39:20 ocelot postfix/smtpd[13958]: disconnect from server2.vykupto.info[103.129.47.73]

Code: 
Mar  1 03:39:40 ocelot postfix/smtpd[13958]: connect from ccintl2.wc09.net[174.46.207.23]
Mar  1 03:39:41 ocelot postfix/smtpd[13958]: SSL_accept error from ccintl2.wc09.net[174.46.207.23]: -1
Mar  1 03:39:41 ocelot postfix/smtpd[13958]: warning: TLS library problem: 13958:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
Mar  1 03:39:41 ocelot postfix/smtpd[13958]: lost connection after STARTTLS from ccintl2.wc09.net[174.46.207.23]
Mar  1 03:39:41 ocelot postfix/smtpd[13958]: disconnect from ccintl2.wc09.net[174.46.207.23]

I have previously disabled legacy security versions and when I run a SSL Test against the server I am getting the following results:

Protocols
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No

Is there a way that I can enable SSL2 for Postfix?
 
You could fiddle around with the smtpd_tls_protocols and smtpd_tls_mandatory_protocols in the /etc/postfix/main.cf to at least enable SSLv3 (that would most likely suffice to establish a connection with these two mailservers)

As for SSLv2, I strongly advice against using that and it will most likely not work anyway, due to beeing no longer available in your openssl library.
When it comes to security with SSLv3 - in regards of SMTP it's quite negligible, as the real SSLv3 Killer "Heartbleed" is not really applicable here. Nontheless, it's for sure not the most secure protocol nowadays and I would at least use a dedicated certificate (read: a certificate with a secure key not used anywhere else) for that
 
You must log in or register to reply here.

Similar threads

F
Issue Let's encrypt ssl trouble mailserver
Replies
1
Views
179
flint
F
M
Issue Postfix - warning: connect to transport private/plesk-domain.org.uk-123.145.167.189-: Connection refused
Replies
8
Views
1K
MHC_1
M
U
Question Postfix TLS issue
Replies
5
Views
3K
Kaspar
K
P
Resolved Issue receiving emails TLS library problem
Replies
8
Views
14K
DeWillem78
D
B
Issue ERROR MAIL error:0A000102:SSL
Replies
1
Views
4K
Peter Debik
P
Back
Top