Server returned error: "TLS Negotiation failed, the certificate doesn't match the host., code: 0"

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Server returned error: "TLS Negotiation failed, the certificate doesn't match the host., code: 0"

nicolasciuffo
Hello,i am a relatively new postfix user
I have problems in the configuration and I would like to share opinions
From already thank you very much

I use RHEL8.2 with postfix-3.3.1-12 and openssl-1.1.1c-15
after switching from google to TLS, i can't send with an alias from gmail.

I include log

May 19 18:41:16 correo postfix/submission/smtpd[164723]: setting up TLS
connection from mail-pl1-f180.google.com[209.85.214.180]
May 19 18:41:16 correo postfix/submission/smtpd[164723]:
mail-pl1-f180.google.com[209.85.214.180]: TLS cipher list
"kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES:!EXP:!MEDIUM:!LOW:!DES:!3DES:!SSLv2:!SSLv3"
May 19 18:41:16 correo postfix/submission/smtpd[164723]: SSL_accept:before
SSL initialization
May 19 18:41:16 correo postfix/submission/smtpd[164723]: SSL_accept:before
SSL initialization
May 19 18:41:16 correo postfix/submission/smtpd[164723]:
SSL_accept:SSLv3/TLS read client hello
May 19 18:41:16 correo postfix/submission/smtpd[164723]:
SSL_accept:SSLv3/TLS write server hello
May 19 18:41:16 correo postfix/submission/smtpd[164723]:
SSL_accept:SSLv3/TLS write change cipher spec
May 19 18:41:16 correo postfix/submission/smtpd[164723]: SSL_accept:TLSv1.3
write encrypted extensions
May 19 18:41:16 correo postfix/submission/smtpd[164723]:
SSL_accept:SSLv3/TLS write certificate
May 19 18:41:16 correo postfix/submission/smtpd[164723]: SSL_accept:TLSv1.3
write server certificate verify
May 19 18:41:16 correo postfix/submission/smtpd[164723]:
SSL_accept:SSLv3/TLS write finished
May 19 18:41:16 correo postfix/submission/smtpd[164723]: SSL_accept:TLSv1.3
early data
May 19 18:41:17 correo postfix/submission/smtpd[164723]: SSL_accept:TLSv1.3
early data
May 19 18:41:17 correo postfix/submission/smtpd[164723]:
SSL_accept:SSLv3/TLS read finished
May 19 18:41:17 correo postfix/submission/smtpd[164723]:
SSL_accept:SSLv3/TLS write session ticket
May 19 18:41:17 correo postfix/submission/smtpd[164723]:
SSL_accept:SSLv3/TLS write session ticket
May 19 18:41:17 correo postfix/submission/smtpd[164723]: Anonymous TLS
connection established from mail-pl1-f180.google.com[209.85.214.180]:
TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
May 19 18:41:17 correo postfix/submission/smtpd[164723]: lost connection
after STARTTLS from mail-pl1-f180.google.com[209.85.214.180]
May 19 18:41:17 correo postfix/submission/smtpd[164723]: disconnect from
mail-pl1-f180.google.com[209.85.214.180] ehlo=1 starttls=1 commands=2

With other email clients, STARTLS 587 works without problems

May 19 18:44:21 correo postfix/submission/smtpd[164867]: initializing the
server-side TLS engine
May 19 18:44:21 correo postfix/submission/smtpd[164867]: warning: hostname
host-cotesma-114-143-100.smandes.com.ar does not resolve to address
181.114.143.100: Name or service not known
May 19 18:44:21 correo postfix/submission/smtpd[164867]: connect from
unknown[181.114.143.100]
May 19 18:44:21 correo postfix/submission/smtpd[164867]: setting up TLS
connection from unknown[181.114.143.100]
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
unknown[181.114.143.100]: TLS cipher list
"kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES:!EXP:!MEDIUM:!LOW:!DES:!3DES:!SSLv2:!SSLv3"
May 19 18:44:21 correo postfix/submission/smtpd[164867]: SSL_accept:before
SSL initialization
May 19 18:44:21 correo postfix/submission/smtpd[164867]: SSL_accept:before
SSL initialization
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS read client hello
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS write server hello
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS write certificate
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS write key exchange
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS write server done
May 19 18:44:21 correo cyrus/pop3[164825]: USAGE cabelmont user: 0.001622
sys: 0.002688
May 19 18:44:21 correo cyrus/pop3[164825]: counts: retr=<1> top=<0> dele=<0>
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS write server done
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS read client key exchange
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS read change cipher spec
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS read finished
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS write change cipher spec
May 19 18:44:21 correo postfix/submission/smtpd[164867]:
SSL_accept:SSLv3/TLS write finished
May 19 18:44:21 correo postfix/submission/smtpd[164867]: Anonymous TLS
connection established from unknown[181.114.143.100]: TLSv1.2 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
May 19 18:44:22 correo postfix/submission/smtpd[164867]: disconnect from
unknown[181.114.143.100] ehlo=2 starttls=1 auth=1 quit=1 commands=5

Any ideas?
Appreciate kindly help.
Regards



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html