Postfix 2.6.6 with TLS - unable to receive emails from GMail (and a couple of other MTAs) but others are OK, why?

ssl email postfix smtp cipher

Ultimately, this problem seems to be due to some senders still only being able to negotiate SSLv3. This is A Bad Thing, but not receiving emails is Also Not Great.

It is as simple as that really. I'm not happy with this, but if sending MTAs refuse to renegotiate to TLS, and just eternally retry with SSLv3, there's not much we can do for now.

So, for the time being, I've resorted to permitting incoming emails to be encrypted with SSLv3, but requiring all clients on the server to still have to authenticate via TLS.

I accomplished this by easing off the protocol negators in main.cf:

smtpd_tls_mandatory_protocols = !TLSv1, !SSLv2
smtpd_tls_protocols = !TLSv1, !SSLv2

NB that the smtp_tls_ definitions are for mail being sent from this server, so relate to client connections, so you can make these as strict as you like (as long as you're willing to explain to everyone how to set up their email clients):

smtp_tls_mandatory_protocols = !TLSv1, !SSLv2, !SSLv3
smtp_tls_protocols = !TLSv1, !SSLv2, !SSLv3

If sending MTAs are unable to negotiate TLS, expecting SSLv3, this is what you'll typically see in the maillog:

warning: TLS library problem: 364:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:647:

If you dial up the logging level, you'll see the TLS negotiation failing, with more messages like

postfix/smtpd[26234]: SSL_accept:before/accept initialization
postfix/smtpd[26234]: SSL_accept:error in SSLv2/v3 read client hello A
postfix/smtpd[26234]: SSL_accept error from 201-62-89-201.life.com.br[201.62.89.201]: -1

I've been testing periodically disallowing SSLv3 connections (inevitably the MTAs retry for many days), so you can allow a few failures to accrue in the logs then analyse them.

This bash script helps me analyse which servers are attempting to use SSLv3:

#!/bin/sh
egrep "SSL_accept error" /var/log/maillog | awk '{printf("%s %s %s\n", $9, $10, $11)}' | sort | uniq -c | sort -`

And this variation shows negotiated ciphers - so once you re-enable SSLv3, you can leave it for a while then confirm that MTAs are using SSLv3:

#!/bin/sh
egrep "TLS connection established from.*with cipher" /var/log/maillog | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' | sort | uniq -c | sort -

I'm yet to find a better answer; I'd like to take a more nuanced approach and be able to selectively permit SSLv3 for certain MTAs depending on whether their connection attempts fail with certain errors in maillog. All comments / suggestions welcome.

Related

Bind DNS Forwarder With Delegated Sub Domain
puppet: merging lists of hashes?
Why same disk model but different capacity?
Run a 32-bit binary on Google Cloud Run
logging memory usage of each process
Why might `ls --color=always` be slow for a small directory?
How to change default audio track using FFmpeg?
Different free space filelight vs df -h
apt-get,dpkg not working in ubuntu20.4 [duplicate]
I can not recover files from trash
Nautilus open text file with vim and make terminal persist after closing
Mounting exfat drive as read/write