postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Upgrade from 2.4.5 to 2.7.1 and MS Outlook cl

Re: Upgrade from 2.4.5 to 2.7.1 and MS Outlook clients

From: Laurent CARON <lcaron_at_nospam>
Date: Tue Oct 26 2010 - 16:48:28 GMT
To: postfix-users@postfix.org

On Tue, Oct 26, 2010 at 11:40:49AM +0200, Laurent CARON wrote:
> I did upgrade a mail server from postfix 2.4.5 to 2.7.1.
>
> Unfortunately Outlook MUA is unable to send email through.
>
> I get the following error:
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: connect from unknown[192.168.14.249]
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: setting up TLS connection from unknown[192.168.14.249]
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: unknown[192.168.14.249]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!aNULL"
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:before/accept initialization
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 read client hello A
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 write server hello A
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 write certificate A
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 write certificate request B
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept:SSLv3 flush data
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: SSL_accept error from unknown[192.168.14.249]: -1
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: lost connection after STARTTLS from unknown[192.168.14.249]
> Oct 26 11:34:06 sargon postfix/smtpd[23238]: disconnect from unknown[192.168.14.249]

I'm now "playing" with ssldump:

1 1 0.0089 (0.0089) C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
  TLS_RSA_WITH_RC4_128_MD5
  TLS_RSA_WITH_RC4_128_SHA
  TLS_RSA_WITH_3DES_EDE_CBC_SHA
  SSL2_CK_RC4
  SSL2_CK_3DES
  SSL2_CK_RC2
  TLS_RSA_WITH_DES_CBC_SHA
  SSL2_CK_DES
  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  TLS_RSA_EXPORT_WITH_RC4_40_MD5
  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  SSL2_CK_RC4_EXPORT40
  SSL2_CK_RC2_EXPORT40
  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  TLS_DHE_DSS_WITH_DES_CBC_SHA
  TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
1 2 0.0517 (0.0427) S>CV3.1(74) Handshake
      ServerHello
        Version 3.1
        random[32]=
          4c c7 04 10 34 52 95 69 63 97 8a 46 80 d4 1f 4e
          b6 c1 54 e7 c3 0c 58 22 42 42 36 56 6b a7 cc d9
        session_id[32]=
          43 ab 8f cc 75 d1 8e 77 ab 07 60 7a 42 ce a3 39
          68 3d bb 12 0f a9 d7 a6 82 b8 d5 b0 0c 1b 21 ec
        cipherSuite TLS_RSA_WITH_RC4_128_MD5
        compressionMethod NULL
1 3 0.0517 (0.0000) S>CV3.1(1650) Handshake
      Certificate
        Subject
          C=FR
          O=mail.lncsa.com
          OU=GT77022724
          OU=See www.rapidssl.com
          resources
          cps (c)09
          OU=Domain Control Validated - RapidSSL(R)
          CN=mail.lncsa.com
        Issuer
          C=US
          O=Equifax Secure Inc.
          CN=Equifax Secure Global eBusiness CA-1
        Serial 0a b1 a8
        Extensions
          Extension: X509v3 Key Usage
                    Critical
          Extension: X509v3 Subject Key Identifier
          Extension: X509v3 CRL Distribution Points
          Extension: X509v3 Authority Key Identifier
          Extension: X509v3 Extended Key Usage
          Extension: X509v3 Basic Constraints
                    Critical
        Subject
          C=US
          O=Equifax Secure Inc.
          CN=Equifax Secure Global eBusiness CA-1
        Issuer
          C=US
          O=Equifax Secure Inc.
          CN=Equifax Secure Global eBusiness CA-1
        Serial 01
        Extensions
          Extension: Netscape Cert Type
          Extension: X509v3 Basic Constraints
                    Critical
          Extension: X509v3 Authority Key Identifier
          Extension: X509v3 Subject Key Identifier
ERROR: Length mismatch

Do any of the postfix guru out there have a clue about what's going on ?