Issue warning: TLS library problem: error:140760FC

[falens]

hi

all my domain with Outlook 2007 can't send email with error :

your server does not support the connection encryption type you have specified bla bla bla.

I've tried with all port (25, 465 and 587) with None, SSL or TLS but still failed.

this is last log /var/log/maillog :

Jan 30 19:52:20 vps postfix/smtpd[15278]: connect from unknown[xxx.xxx.xxx.xxx]
Jan 30 19:52:20 vps postfix/smtpd[15278]: SSL_accept error from unknown[xxx.xxx.xxx.xxx]: -1
Jan 30 19:52:20 vps postfix/smtpd[15278]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
Jan 30 19:52:20 vps postfix/smtpd[15278]: lost connection after STARTTLS from unknown[xxx.xxx.xxx.xxx]
Jan 30 19:52:20 vps postfix/smtpd[15278]: disconnect from unknown[180.251.229.202] ehlo=1 starttls=0/1 commands=1/2

but from Outlook 2016 there's no problem with port 465 SSL or 587 STARTTLS, can't send if using 587 TLS

I've tried changed in /etc/postfix/main.cf but still failed, anyone can help me please.

I'm using Plesk Obsidian 18.0.33.0

thank you

Fahmi

 

[falens]

hi,

it looks like the same as case this, only different mail client displays the error, and still failed.

# rpm -Uhv ca-certificates-2010.63-3.el6_1.5.noarch
error: open of ca-certificates-2010.63-3.el6_1.5.noarch failed: No such file or directory

thanks

Fahmi

 

[Bitpalast]

It looks like you are on CentOS 6? In that case your root certificates might not have been updated and expired, because the operating system was end of life November 30th, 2020. Just a guess.

 

[falens]

It looks like you are on CentOS 6? In that case your root certificates might not have been updated and expired, because the operating system was end of life November 30th, 2020. Just a guess.

hi Peter,

thanks for your reply.

I'm using :
OS CentOS Linux 7.9.2009 (Core)
Product Plesk Obsidian
Version 18.0.33, last updated on Jan 30, 2021 10:56 AM

problems still occur even though it has been updated to the latest version

thank you

 

[Bitpalast]

Second guess is that your Outlook tries to connect using a TLSv1 protocol, that was disabled on your server. Maybe you have applied additional security rules?

How to enable/disable TLS protocol versions in Plesk for Linux

Applicable to: Plesk for Linux Question How to enable/disable TLS protocol versions in Plesk for Linux? Answer Connect to a Plesk server via SSH. Use the plesk bin server_pref utility to man...

support.plesk.com

 

[falens]

Second guess is that your Outlook tries to connect using a TLSv1 protocol, that was disabled on your server. Maybe you have applied additional security rules?

How to enable/disable TLS protocol versions in Plesk for Linux

Applicable to: Plesk for Linux Question How to enable/disable TLS protocol versions in Plesk for Linux? Answer Connect to a Plesk server via SSH. Use the plesk bin server_pref utility to man...

support.plesk.com

hi Peter,

the previous config was :
TLSv1.2 TLSv1.3

and I changed it to :

smtpd_tls_mandatory_protocols = TLSv1.1 TLSv1.2
smtpd_tls_protocols = TLSv1.1 TLSv1.2

I have read the article before then applied it but it is still a problem, here is my config :

inet_interfaces = all
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
alias_maps = hash:/etc/aliases, nis:mail.aliases, hash:/var/spool/postfix/plesk/aliases
transport_maps = , hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
tls_server_sni_maps = hash:/var/spool/postfix/plesk/certs
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
#smtpd_timeout = 3600s
#smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
mynetworks =
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client sbl.spamhaus.org
authorized_flush_users =
authorized_mailq_users =
mydestination = localhost.$mydomain, localhost, localhost.localdomain
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:30
virtual_gid_maps = static:30
smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
message_size_limit = 20971520
mailbox_size_limit = 0
virtual_mailbox_limit = 0
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no
smtpd_tls_mandatory_protocols = TLSv1.1 TLSv1.2
smtpd_tls_protocols = TLSv1.1 TLSv1.2
recipient_canonical_maps = tcp:127.0.0.1:12346
recipient_canonical_classes = envelope_recipient,header_recipient
recipient_delimiter =

thanks