• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue TLS Errors in maillog

Staniel

Staniel

New Pleskian
Hello,

I have had one of my client's contact me regarding non-delivery of emails from a certain email address I have checked the MagicSpam logs and I can't see any mail being stopped in the SMTP layer. I have checked the maillog and I have found several instances in the log:

Code: 
Mar  1 03:39:20 ocelot postfix/smtpd[13958]: SSL_accept error from server2.vykupto.info[103.129.47.73]: -1
Mar  1 03:39:20 ocelot postfix/smtpd[13958]: warning: TLS library problem: 13958:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
Mar  1 03:39:20 ocelot postfix/smtpd[13958]: lost connection after STARTTLS from server2.vykupto.info[103.129.47.73]
Mar  1 03:39:20 ocelot postfix/smtpd[13958]: disconnect from server2.vykupto.info[103.129.47.73]

Code: 
Mar  1 03:39:40 ocelot postfix/smtpd[13958]: connect from ccintl2.wc09.net[174.46.207.23]
Mar  1 03:39:41 ocelot postfix/smtpd[13958]: SSL_accept error from ccintl2.wc09.net[174.46.207.23]: -1
Mar  1 03:39:41 ocelot postfix/smtpd[13958]: warning: TLS library problem: 13958:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
Mar  1 03:39:41 ocelot postfix/smtpd[13958]: lost connection after STARTTLS from ccintl2.wc09.net[174.46.207.23]
Mar  1 03:39:41 ocelot postfix/smtpd[13958]: disconnect from ccintl2.wc09.net[174.46.207.23]

I have previously disabled legacy security versions and when I run a SSL Test against the server I am getting the following results:

Protocols
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No

Is there a way that I can enable SSL2 for Postfix?
 
You could fiddle around with the smtpd_tls_protocols and smtpd_tls_mandatory_protocols in the /etc/postfix/main.cf to at least enable SSLv3 (that would most likely suffice to establish a connection with these two mailservers)

As for SSLv2, I strongly advice against using that and it will most likely not work anyway, due to beeing no longer available in your openssl library.
When it comes to security with SSLv3 - in regards of SMTP it's quite negligible, as the real SSLv3 Killer "Heartbleed" is not really applicable here. Nontheless, it's for sure not the most secure protocol nowadays and I would at least use a dedicated certificate (read: a certificate with a secure key not used anywhere else) for that
 
You must log in or register to reply here.

Similar threads

U
Question Postfix TLS issue
Replies
5
Views
2K
Kaspar
K
P
Resolved Issue receiving emails TLS library problem
Replies
8
Views
10K
DeWillem78
D
B
Issue ERROR MAIL error:0A000102:SSL
Replies
1
Views
3K
Peter Debik
P
V
Issue Mail settings for Nextcloud Extension (local Plesk/Postfix as relay)
Replies
0
Views
1K
Volans
V
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
2K
Tessxr
T
Back
Top