TLS handshake error why ?


Ethariel
Hello,

I'm running a postfix server (2.4.5). I've activated TLS:

smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only is set to no due to some customers requests.

In master.cf I've also activated smtps (port 465) with wrapper mode:

smtps   inet    n       -       y       -       -       smtpd   -o      smtpd_tls_wrappermode=yes
Mail software can connect on port 465 with SSL ok.


Some external servers connect to deliver mail, use ehlo, see the STARTTLS and try to use it, but then they are rejected with "handshake error", and in my logs I can see "lost connection after STARTTLS from [mta_ip]".


I'm using auto-signed certificates, perhaps it's related.

Any idea?

Right now, to solve the problem, I've changed: "smtpd_use_tls = no".
So clients on TCP 465 are still OK, but external MTAs don't try TLS anymore.

Thks for any help :)

Ethariel
Re: TLS handshake error why ?

Noel Jones-2
Ethariel wrote:

> Hello,
>
> I'm running a postfix server (2.4.5). I've activated TLS :
>
> smtpd_use_tls = yes
> #smtpd_tls_auth_only = yes
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
>
>
> smtpd_tls_auth_only is set to no due to some customers requests.
>
> In master.cf I've also activated smtps (port 465)
> with wrapper mode:
>
> smtps   inet    n       -       y       -       -       smtpd   -o      
> smtpd_tls_wrappermode=yes
>
>
>
>
> Mail software can connect on port 465 with SSL ok.
>
>
> Some external servers connect to deliver mail, use ehlo, see the
> STARTTLS and try to use it, but then they are rejected with "handshake
> error", and in my logs I can see
>  "lost connection after STARTTLS from [mta_ip]".
>
>
> I'm using auto-signed certificates, perhaps it's related.
>
> Any idea ?
>
> Right now to solve the problem I've changed : "smtpd_use_tls = no".
> So client on TCP 465 is still ok, but external MTA don't try TLS anymore.
>
> Thks for any help :)
>
> Ethariel

Do you have smtpd_tls_ask_ccert=yes in main.cf?  You shouldn't.

It's unlikely that your self-signed certificate is the problem.

If this is restricted to just a few clients with broken
software, you can use smtpd_discard_ehlo_keyword_address_maps
to disable STARTTLS for only those clients.

--
Noel Jones
Re: TLS handshake error why ?

Ethariel

> Do you have smtpd_tls_ask_ccert=yes in main.cf?  You shouldn't.
>
> It's unlikely that your self-signed certificate is the problem.
>
> If this is restricted to just a few clients with broken software, you can use smtpd_discard_ehlo_keyword_address_maps to disable STARTTLS for only those clients.
>
> --
> Noel Jones

Hi,

# postconf | grep ask
smtpd_tls_ask_ccert = no

I've thought about the discard_ehlo but it's for too many MTAs. I really think I've got a misconfiguration, but can't figure out which one :)

Thks for your help,

Ethariel
Re: TLS handshake error why ?

Victor Duchovni
On Fri, May 30, 2008 at 10:12:59AM +0200, Ethariel wrote:

> I've thought about the discard_ehlo but it's for too many MTAs. I really
> think I've got a misconfiguration, but can't figure out which one :)

Your problem report is far too skimpy and anecdotal. You are not doing
the list a favour by sending only a brief summary of the problem.

Send one problem report that contains *detailed*, *unedited* information.

    - What version of OpenSSL are you using?
    - What version of Postfix?
    - Logs from a single problem session with "smtpd_tls_loglevel = 2"
    - URI for a binary session captured with "tcpdump -s 8192 -w /some/file",
      filtered to capture just the session of interest with
      tcpdump -s 8192 -r /some/file -w /some/other/file ... filter ...
      where "filter" is a "tcpdump" expression that pulls out just one
      problem session.
    - Details of the server certificate from "openssl x509 -text" including
      the command used and its output.
    - Evidence that the cert and key match via output from below:

        $ openssl x509 -in "$cert" -x509toreq -signkey "$key" 2>/dev/null |
            openssl req -pubkey -noout 2>/dev/null |
            openssl dgst -sha1

        $ openssl rsa -in "$key" -pubout 2>/dev/null |
            openssl dgst -sha1

        (Replace "rsa" with "dsa" or "ec", in the for now very unlikely
         case that your key is not an RSA key, and having a non-RSA key/cert
         pair would likely explain your problem).
   
    - Full "postconf -n"

    - As much additional detail as may be relevant based on examining the
      requested evidence.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
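The "cert and key match" and CAfile items from the checklist above, as an added shell example (not code from the thread, from Viktor or from Postfix): it compares the public key inside smtpd_tls_cert_file with the public half of smtpd_tls_key_file via `openssl pkey` (one command for RSA, DSA and EC keys, in place of the per-algorithm `openssl rsa -pubout`), and checks whether smtpd_tls_CAfile can validate the cert, which is what a peer that chose to verify would need. It assumes the openssl CLI is installed; the file paths and the certificates it generates are constructed for the demo only.

```shell
#!/bin/sh
# Added example, not from the thread: the cert/key and CAfile checks for a Postfix
# smtpd_tls_cert_file / smtpd_tls_key_file pair. Requires the openssl CLI.

# SHA-1 of the SubjectPublicKeyInfo carried inside a certificate.
cert_pubkey_sha1() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha1 | sed 's/^.*= *//'
}

# SHA-1 of the public half of a private key. "pkey" reads rsa, dsa and ec keys
# alike, so no per-algorithm command is needed.
key_pubkey_sha1() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha1 | sed 's/^.*= *//'
}

# 0 when the certificate and key belong together (both digests agree), 1 otherwise.
# An unreadable or undecodable file also counts as a mismatch.
cert_key_match() {
    c=$(cert_pubkey_sha1 "$1") || return 1
    k=$(key_pubkey_sha1 "$2") || return 1
    [ "$c" = "$k" ]
}

# 0 when the CAfile can build a chain for the cert; a self-signed cert verifies
# only if the CAfile contains that same cert. Opportunistic TLS peers never ask.
cafile_verifies_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed fixture (demo only): a self-signed server cert plus an unrelated
# key/cert pair in a temp dir; prints the directory.
make_fixture() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=srv001.example.test" \
        -keyout "$d/smtpd.key" -out "$d/smtpd.crt" >/dev/null 2>&1 || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=other.example.test" \
        -keyout "$d/other.key" -out "$d/other.crt" >/dev/null 2>&1 || return 1
    printf '%s\n' "$d"
}

# Stand-alone demo: sh check_tls_files.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(make_fixture) || exit 1
    cert_key_match "$d/smtpd.crt" "$d/smtpd.key" && echo "smtpd.crt / smtpd.key: match"
    cert_key_match "$d/smtpd.crt" "$d/other.key" || echo "smtpd.crt / other.key: MISMATCH"
    cafile_verifies_cert "$d/smtpd.crt" "$d/smtpd.crt" && echo "CAfile = own cert: verifies"
    cafile_verifies_cert "$d/other.crt" "$d/smtpd.crt" || echo "CAfile = other cert: fails"
    rm -rf "$d"
fi
```

On a real server, run `cert_key_match /etc/postfix/ssl/smtpd.crt /etc/postfix/ssl/smtpd.key` and `cafile_verifies_cert /etc/postfix/ssl/cacert.pem /etc/postfix/ssl/smtpd.crt`; a mismatch in the first is a configuration error smtpd cannot recover from, while a failure in the second only matters to peers that verify.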
Re: TLS handshake error why ?

Ethariel

> Your problem report is far too skimpy and anecdotal. You are not doing
> the list a favour by sending only a brief summary of the problem.

Sorry for that, you're right, it was a little short; I was hoping it was a well-known problem.

>    - What version of OpenSSL are you using?

0.9.8e-8.1

>    - What version of Postfix?

2.4.5.2 from Mandriva rpm (in case there are some specific compile options).

>    - Logs from a single problem session with "smtpd_tls_loglevel = 2"
>    - URI for a binary session captured with "tcpdump -s 8192 -w /some/file",
>      filtered to capture just the session of interest with
>      tcpdump -s 8192 -r /some/file -w /some/other/file ... filter ...
>      where "filter" is a "tcpdump" expression that pulls out just one
>      problem session.

For these I'll need a little bit of time; the server is now in production and I can't go back to the configuration with SSL support on port 25 right now.


 
>    - Details of the server certificate from "openssl x509 -text" including
>      the command used and its output.

$ openssl x509 -text -in /etc/postfix/ssl/smtpd.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            eb:a1:6f:08:4c:42:a4:11
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, ST=Tarn-et-Garonne, L=Montauban, O=ia-conseil, CN=srv001.ia-conseil.net/emailAddress=postmaster@...
        Validity
            Not Before: Jan 10 09:57:49 2008 GMT
            Not After : Jan  7 09:57:49 2018 GMT
        Subject: C=FR, ST=Tarn-et-Garonne, L=Montauban, O=ia-conseil, CN=srv001.ia-conseil.net/emailAddress=postmaster@...
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:21:89:29:22:E7:E9:10:79:8B:21:AF:F8:64:AE:FC:A9:E3:D9:8E
            X509v3 Authority Key Identifier:
                keyid:84:21:89:29:22:E7:E9:10:79:8B:21:AF:F8:64:AE:FC:A9:E3:D9:8E
                DirName:/C=FR/ST=Tarn-et-Garonne/L=Montauban/O=ia-conseil/CN=srv001.ia-conseil.net/emailAddress=postmaster@...
                serial:EB:A1:6F:08:4C:42:A4:11

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption



>    - Evidence that the cert and key match via output from below:
>
>        $ openssl x509 -in "$cert" -x509toreq -signkey "$key" 2>/dev/null |
>            openssl req -pubkey -noout 2>/dev/null |
>            openssl dgst -sha1

with cert == /etc/postfix/ssl/smtpd.crt
and key == /etc/postfix/ssl/smtpd.key

b5f01bcf78872e31177eeb03166fe1fff795de4b
 


>        $ openssl rsa -in "$key" -pubout 2>/dev/null |
>            openssl dgst -sha1

b5f01bcf78872e31177eeb03166fe1fff795de4b

>        (Replace "rsa" with "dsa" or "ec", in the for now very unlikely
>         case that your key is not an RSA key, and having a non-RSA key/cert
>         pair would likely explain your problem).

>    - Full "postconf -n"


broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = lmtp-filter:127.0.0.1:10025
daemon_directory = /usr/lib/postfix
html_directory = /usr/share/doc/postfix/html
local_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = localhost,$myhostname
mydomain = linux.box
myhostname = srv001.ia-conseil.net
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
receive_override_options = no_address_mappings
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mandriva Linux)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
virtual_mailbox_domains = ldap:domain
virtual_mailbox_maps = ldap:accountsmap
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp
 


>    - As much additional detail as may be relevant based on examining the
>      requested evidence.

Nearly all remote MTAs sending "ehlo" and detecting "STARTTLS" try and fail to initialize the secured communication.
From small companies, big ISPs, from different unix systems. So I can't honestly blame all of them for the error.

Thks for your time.

BRgds
Fabien

Re: TLS handshake error why ?

Victor Duchovni
On Mon, Jun 02, 2008 at 08:44:13PM +0200, Ethariel wrote:

>    - What version of OpenSSL are you using?
> >
> 0.9.8e-8.1

The stable release is 0.9.8g (or the just released 0.9.8h, but it is only
a few days old), but vendors tend to backport OpenSSL patches without
changing the patch level, so it is hard to tell what you've got, unless
you built it yourself. It is however, at least 0.9.8e.

> >    - What version of Postfix?
>
> 2.4.5.2 from Mandriva rpm (in case there're some compile options specific).

No serious TLS issues in 2.4.5.

>  openssl x509 -text -in /etc/postfix/ssl/smtpd.crt
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             eb:a1:6f:08:4c:42:a4:11
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=FR, ST=Tarn-et-Garonne, L=Montauban, O=ia-conseil, CN=
> srv001.ia-conseil.net/emailAddress=[hidden email]
>         Validity
>             Not Before: Jan 10 09:57:49 2008 GMT
>             Not After : Jan  7 09:57:49 2018 GMT
>         Subject: C=FR, ST=Tarn-et-Garonne, L=Montauban, O=ia-conseil, CN=
> srv001.ia-conseil.net/emailAddress=[hidden email]
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)

Looks like an ordinary self-signed sha1/RSA 1024 bit X.509v3 cert.

>    - Evidence that the cert and key match via output from below:
> >
> >        $ openssl x509 -in "$cert" -x509toreq -signkey "$key" 2>/dev/null |
> >            openssl req -pubkey -noout 2>/dev/null |
> >            openssl dgst -sha1
>
> with cert == /etc/postfix/ssl/smtpd.crt
> and key == /etc/postfix/ssl/smtpd.key
>
> b5f01bcf78872e31177eeb03166fe1fff795de4b
>
> >        $ openssl rsa -in "$key" -pubout 2>/dev/null |
> >            openssl dgst -sha1
>
>  b5f01bcf78872e31177eeb03166fe1fff795de4b

Good.

> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

Anything unusual there?

> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = no
> tls_random_source = dev:/dev/urandom

Looks fine.

> unknown_local_recipient_reject_code = 450

Use 550 on production systems.

> >    - As much additional detail as may be relevant based on examining the
> >      requested evidence.
> >
>
> Nearly all remote MTAs sending "ehlo" and detecting "STARTTLS" try and fail
> to initialize the secured communication.
> From small companies, big ISPs, from different unix systems. So I can't
> honestly blame all of them for the error.

What is in front of your SMTP server (firewalls, ...)? Can't help you much unless
you find a test window to try TLS again and report detailed evidence. Do take
a look at your firewalls.

--
        Viktor.

Re: TLS handshake error why ?

Ethariel
Hello,


> The stable release is 0.9.8g (or the just released 0.9.8h, but it is only
> a few days old), but vendors tend to backport OpenSSL patches without
> changing the patch level, so it is hard to tell what you've got, unless
> you built it yourself. It is however, at least 0.9.8e.

I haven't built it myself, it's from the default rpm (that's also why it's a version behind).


> > smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
>
> Anything unusual there?

Nothing I can think of; do you want any test on this file?


> > unknown_local_recipient_reject_code = 450
>
> Use 550 on production systems.

Updated.
 

> What is in front of your SMTP server (firewalls, ...)? Can't help you much unless
> you find a test window to try TLS again and report detailed evidence. Do take
> a look at your firewalls.

There is a firewall. I haven't found any clue in the logs.
This weekend I'll try to set TLS back on port 25 and log failures on the server, as well as take a tcpdump.

Thks

Ethariel
Re: TLS handshake error why ?

Ethariel

Hello,

I've, perhaps, found the error.
The server's name (and so the certificate's) is srv001.domain.tld. But this server is hosting several domains (virtual domains under postfix with ldap). And the requested conf was to set as MX for each domain mx1.domain_1.tld, mx1.domain_2.tld, and so on.

So when a remote server is connecting, it's expecting to receive a certificate from mx1.domain_1.tld (for example) and the certificate is for srv001.domain.tld. Perhaps it's the reason for the TLS handshake error.

Is it possible?

And if yes, is there a way to present a certificate for each hosted domain?

Thks again

Ethariel
Re: TLS handshake error why ?

Victor Duchovni
On Wed, Jun 04, 2008 at 07:34:55PM +0200, Ethariel wrote:

> The server name's (and so certificate) is srv001.domain.tld. But this server
> is hosting several domains (virtual domains under postfix with ldap). And
> the requested conf was to set as MX for each domain mx1.domain_1.tld,
> mx1.domain_2.tld, and so.

SMTP TLS certificates are not by default expected to contain any useful
information beyond the server's public key. Sites that attempt verification,
without prior arrangement, cut themselves off from the vast majority of
TLS enabled SMTP servers.

> So when a remote server is connecting, it's expecting to receive a
> certificate from mx1.domain_1.tld (for example) and the certificate is for
> srv001.domain.tld. Perhaps it's the reason for the TLS handshake error.

> Is it possible ?

Extremely unlikely. Why would they care about names found in self-signed
certs? Do capture the requested "tcpdump" (full size, raw binary packet)
trace.

--
        Viktor.
