Skip to content

Instantly share code, notes, and snippets.

@angeloxx

angeloxx/postfix-disable-starttls-for-client.md

Last active September 13, 2018 18:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save angeloxx/6a9d4923100b7e0ae5354aff2f0312e3 to your computer and use it in GitHub Desktop.
Save angeloxx/6a9d4923100b7e0ae5354aff2f0312e3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
postfix-disable-starttls-for-client.md

Case

Sep 13 00:01:36 mail-c-eqs postfix/smtpd[20124]: SSL_accept error from xxxx.xxxxx.xxxx[xxx.xxx.xxx.xxx]: -1
Sep 13 00:01:36 mail-c-eqs postfix/smtpd[20124]: warning: TLS library problem: 20124:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293:
Sep 13 00:01:36 mail-c-eqs postfix/smtpd[20124]: lost connection after STARTTLS from xxxx.xxxxx.xxxx[xxx.xxx.xxx.xxx]
Sep 13 00:01:36 mail-c-eqs postfix/smtpd[20124]: disconnect from xxxx.xxxxx.xxxx[xxx.xxx.xxx.xxx]

Solution

  • disable starttls for specific client with this (mail.cf):

     smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/ehlo-map.cidr

  • and the map file:

     cat <<\EOF | tee /etc/postfix/ehlo-map.cidr
 83.138.xxx.xxx/32  starttls 
 212.100.xxx.xxx/32 starttls 
 83.138.xxx.xxx/32  starttls 
 212.100.xxx.xxx/32 starttls 
 212.100.xxx.xxx/32 starttls 
 EOF

I didn't found a way to solve in a more elegant way (with tls smtpd parameters)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment