lostinspace2011 Apprentice
Joined: 09 Sep 2005 Posts: 230
Posted: Tue Apr 23, 2019 11:04 am Post subject: Postfix and Outlook - SSL error
I have my Postfix server configured and secured as far as I can tell. However, when trying to send an email using Outlook or Windows Mail, the following error is reported in the mail.log:
Quote:
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:before/accept initialization
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read client hello A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write server hello A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write change cipher spec A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write finished A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 flush data
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read finished A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL3 alert write:fatal:bad record mac
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: warning: TLS library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:535:
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:before/accept initialization
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read client hello A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write server hello A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write change cipher spec A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write finished A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 flush data
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read finished A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL3 alert write:fatal:bad record mac
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: warning: TLS library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:535:
Here is the extract from mail.cf:
Code:
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /var/lib/letsencrypt/domain.key
smtpd_tls_cert_file = /var/lib/letsencrypt/signed.pem
smtpd_tls_CAfile = /var/lib/letsencrypt/intermediate.pem
smtpd_tls_loglevel = 9
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
#Outbound
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1
#enforce the server cipher preference
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
I am confused, as it is working on other clients. Also, why does the log still refer to SSLv3, which I believe has been disabled?
Any pointers on what could be causing this are much appreciated.
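Added example, not part of the original thread: a small triage script for smtpd TLS debug output like the log quoted in the post above. It groups lines by smtpd PID and reports, for each handshake attempt, the last state logged before a fatal alert and which side sent the alert. The function names are illustrative, and the sample input is one attempt copied from the quoted log plus two constructed lines.

```python
import re

# Sample input: the first attempt from the log quoted in the post, followed by
# two constructed lines (PID 4071) for an attempt that logs no alert.
SAMPLE = """\
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:before/accept initialization
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read client hello A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write server hello A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write change cipher spec A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write finished A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 flush data
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read finished A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL3 alert write:fatal:bad record mac
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: warning: TLS library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:535:
Apr 23 18:59:10 goldberry postfix/smtpd[4071]: SSL_accept:before/accept initialization
Apr 23 18:59:10 goldberry postfix/smtpd[4071]: SSL_accept:SSLv3 read client hello A
"""

# "SSLv3 ..." here is OpenSSL's name for a handshake state; the same state
# names are logged for TLS 1.x, so they do not show the negotiated version.
LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
STATE = re.compile(r"^SSL_accept:(?P<state>.+)$")
ALERT = re.compile(r"^SSL3 alert (?P<dir>read|write):(?P<level>\w+):(?P<desc>.+)$")

def triage(log_text):
    """Return one dict per handshake attempt: pid, states seen, fatal alert."""
    attempts, current = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        s = STATE.match(msg)
        if s:
            # A new "before/accept initialization" starts a new attempt.
            if s["state"] == "before/accept initialization" or pid not in current:
                current[pid] = {"pid": pid, "states": [], "alert": None}
                attempts.append(current[pid])
            current[pid]["states"].append(s["state"])
            continue
        a = ALERT.match(msg)
        if a and pid in current and a["level"] == "fatal":
            # "write" = alert sent by this server, "read" = received from client.
            current[pid]["alert"] = (a["dir"], a["desc"])
    return attempts

def failed(attempts):
    """(pid, last state, alert direction, alert text) for attempts with a fatal alert."""
    return [(a["pid"], a["states"][-1], *a["alert"]) for a in attempts if a["alert"]]

if __name__ == "__main__":
    print(failed(triage(SAMPLE)))
```
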
lostinspace2011 Apprentice
Joined: 09 Sep 2005 Posts: 230
Posted: Tue Apr 23, 2019 11:36 am Post subject:
I ended up resetting the Windows firewall and this fixed the issue. Rather strange, as this was on a fresh installation. Maybe removing McAfee did something to the firewall rules.
lostinspace2011 Apprentice
Joined: 09 Sep 2005 Posts: 230
Posted: Wed Apr 24, 2019 1:27 am Post subject:
Spoke too soon. While this seems to have addressed the problem in the short term, my issue came back. I think this is something on the Windows side rather than Postfix, as it only happens from one computer. Another computer running Windows 10 works without issues.
lostinspace2011 Apprentice
Joined: 09 Sep 2005 Posts: 230
Posted: Fri Apr 26, 2019 5:40 am Post subject:
I made some further progress on this issue. The problem is only present when connected via Wi-Fi. When using my Ethernet port, all emails are delivered as normal. I have:
Reset the router
Verified there are no special rules configured on the router
Reset the Windows firewall rules to default
Disabled the Windows firewall
Used the McAfee removal tool to ensure there is nothing left behind
Changed my IP address
Switched between public and private network
Tried using an external SMTP service, which presented the same failures
So far none of these allow me to complete sending the message. The connection to the server is made, but as soon as the DATA section of the email is transmitted the connection is terminated. This seems to only happen when connected over Wi-Fi.