Very strange problem : "lost connection after UNKNOWN"


Denis BUCHER
Dear all,

I have a very strange problem with our postfix server. It has been working for years without problem, but suddenly we started to have errors with SMTP connections from outside.

On the client side (we tested with Thunderbird and Outlook), the connection lasts many minutes before showing a timeout error.

On the server side, the logs are always the same :
  • Dec 16 21:42:33 svrmail postfix/smtpd[8531]: connect from x-x.195-178.cust.bluewin.ch[178.195.x.x]
  • Dec 16 21:44:41 svrmail postfix/smtpd[8531]: lost connection after UNKNOWN from x-x.195-178.cust.bluewin.ch[178.195.x.x]
  • Dec 16 21:44:41 svrmail postfix/smtpd[8531]: disconnect from x-x.195-178.cust.bluewin.ch[178.195.x.x]
But the most strange point is that if I do "telnet ip_of_server 465" I am immediately connected, and can use normal SMTP commands.

The configuration that used to work was :
  • Port 465
  • SSL/TLS
  • Authentication : password
Does someone have an idea about what could be the cause of such a strange problem?

Does it have something to do with SSL/TLS?

Really, any help or advice wi

Denis






Re: Very strange problem : "lost connection after UNKNOWN"

Erwan David
On 16/12/2013 22:05, (lists) Denis BUCHER wrote:

> Dear all,
>
> I have a very strange problem with our postfix server. It has been
> working for years without problem, but suddenly we started to have
> errors with SMTP connections from outside.
>
> On the client side (we tested with Thunderbird and Outlook), the
> connection lasts many minutes before showing a timeout error.
>
> On the server side, the logs are always the same :
>
>   * Dec 16 21:42:33 svrmail postfix/smtpd[8531]: connect from
>     x-x.195-178.cust.bluewin.ch[178.195.x.x]
>   * Dec 16 21:44:41 svrmail postfix/smtpd[8531]: lost connection after
>     UNKNOWN from x-x.195-178.cust.bluewin.ch[178.195.x.x]
>   * Dec 16 21:44:41 svrmail postfix/smtpd[8531]: disconnect from
>     x-x.195-178.cust.bluewin.ch[178.195.x.x]
>
> But the most strange point is that if I do "telnet ip_of_server 465" I
> am immediately connected, and can use normal SMTP commands.
>
> The configuration that used to work was :
>
>   * Port 465
>   * SSL/TLS
>   * Authentication : password
>
> Does someone have an idea about what could be the cause of such a
> strange problem?
>
> Does it have something to do with SSL/TLS?
>
> Really, any help or advice wi
>
> Denis
>
>
>
>
>

Are you sure your clients connect directly to postfix ?

No proxy, no anti-virus that could hijack the connection and behave
incorrectly with SSL/TLS ?



Re: Very strange problem : "lost connection after UNKNOWN"

Wietse Venema
In reply to this post by Denis BUCHER
(lists) Denis BUCHER:
> But the most strange point is that if I do "telnet ip_of_server 465" I
> am immediately connected, and can use normal SMTP commands.

That is absolutely wrong.

Someone screwed up and removed the "-o smtpd_tls_wrappermode=yes"
from the "smtps" entry in the Postfix master.cf file.

The port 465 (smtps) service must not support plaintext communication
(such as connecting with telnet).

        Wietse
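
Added example, not part of the original thread and not Postfix code: a small Python audit of master.cf that flags an smtpd service on port 465 whose entry lacks "-o smtpd_tls_wrappermode=yes", the misconfiguration diagnosed above. The two master.cf fragments are constructed samples, and the checker assumes the plain "-o name=value" override form and the service names listed in WRAPPER_SERVICES.

```python
import shlex

WRAPPER_SERVICES = {"smtps", "submissions", "465"}  # assumption: names/ports for port 465

# Constructed samples: the entry as diagnosed in the thread, and the corrected one.
BROKEN = """\
smtp      inet  n  -  n  -  -  smtpd
smtps     inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
"""
FIXED = """\
smtps     inet  n  -  n  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def overrides(args):
    """Collect '-o name=value' pairs from the service's command arguments."""
    opts = {}
    tokens = iter(args)
    for tok in tokens:
        if tok == "-o":
            name, _, value = next(tokens, "").partition("=")
            opts[name] = value
    return opts

def audit(text):
    """Return port-465 smtpd services that would accept plaintext SMTP."""
    findings = []
    for line in logical_lines(text):
        f = shlex.split(line)
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        port = f[0].rsplit(":", 1)[-1]  # also handles "address:port" service names
        if port in WRAPPER_SERVICES and overrides(f[8:]).get("smtpd_tls_wrappermode") != "yes":
            findings.append(f[0])
    return findings
```
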

Re: Very strange problem : "lost connection after UNKNOWN"

Denis BUCHER
On 16.12.2013 22:16, Wietse Venema wrote:
> Denis BUCHER:
>> But the most strange point is that if I do "telnet ip_of_server 465" I
>> am immediately connected, and can use normal SMTP commands.
> That is absolutely wrong.
> Someone screwed up and removed the "-o smtpd_tls_wrappermode=yes"
> from the "smtps" entry in the Postfix master.cf file.
> The port 465 (smtps) service must not support plaintext communication
> (such as connecting with telnet).
Dear Wietse,

OK thank you for your hint, I will change that, but do you think it will
solve the problem, or is this something different ?

Thanks a lot !

Denis


Re: Very strange problem : "lost connection after UNKNOWN"

Denis BUCHER
In reply to this post by Erwan David
On 16.12.2013 22:08, Erwan David wrote:

> On 16/12/2013 22:05, (lists) Denis BUCHER wrote:
>> Dear all,
>>
>> I have a very strange problem with our postfix server. It has been
>> working for years without problem, but suddenly we started to have
>> errors with SMTP connections from outside.
>>
>> On the client side (we tested with Thunderbird and Outlook), the
>> connection lasts many minutes before showing a timeout error.
>>
>> On the server side, the logs are always the same :
>>
>>    * Dec 16 21:42:33 svrmail postfix/smtpd[8531]: connect from
>>      x-x.195-178.cust.bluewin.ch[178.195.x.x]
>>    * Dec 16 21:44:41 svrmail postfix/smtpd[8531]: lost connection after
>>      UNKNOWN from x-x.195-178.cust.bluewin.ch[178.195.x.x]
>>    * Dec 16 21:44:41 svrmail postfix/smtpd[8531]: disconnect from
>>      x-x.195-178.cust.bluewin.ch[178.195.x.x]
>>
>> But the most strange point is that if I do "telnet ip_of_server 465" I
>> am immediately connected, and can use normal SMTP commands.
>>
>> The configuration that used to work was :
>>
>>    * Port 465
>>    * SSL/TLS
>>    * Authentication : password
>>
>> Does someone have an idea about what could be the cause of such a
>> strange problem?
>>
>> Does it have something to do with SSL/TLS?
> Are you sure your clients connect directly to postfix ?
>
> No proxy, no anti-virus that could hijack the connection and behave
> incorrectly with SSL/TLS ?
Dear Erwan,

Yes I am almost sure, I also thought about that, but normally the only
device that is between the outside world and postfix is the firewall,
and normally it doesn't do any analysis on the connection...

Is there a way to check what happens really on the connection ?

Denis


Re: Very strange problem : "lost connection after UNKNOWN"

lists@rhsoft.net


On 21.12.2013 20:14, (lists) Denis BUCHER wrote:

> On 16.12.2013 22:08, Erwan David wrote:
>> On 16/12/2013 22:05, (lists) Denis BUCHER wrote:
>>> Dear all,
>>>
>>> I have a very strange problem with our postfix server. It has been
>>> working for years without problem, but suddenly we started to have
>>> errors with SMTP connections from outside.
>>>
>>> On the client side (we tested with Thunderbird and Outlook), the
>>> connection lasts many minutes before showing a timeout error.
>>>
>>> On the server side, the logs are always the same :
>>>
>>>    * Dec 16 21:42:33 svrmail postfix/smtpd[8531]: connect from
>>>      x-x.195-178.cust.bluewin.ch[178.195.x.x]
>>>    * Dec 16 21:44:41 svrmail postfix/smtpd[8531]: lost connection after
>>>      UNKNOWN from x-x.195-178.cust.bluewin.ch[178.195.x.x]
>>>    * Dec 16 21:44:41 svrmail postfix/smtpd[8531]: disconnect from
>>>      x-x.195-178.cust.bluewin.ch[178.195.x.x]
>>>
>>> But the most strange point is that if I do "telnet ip_of_server 465" I
>>> am immediately connected, and can use normal SMTP commands.
>>>
>>> The configuration that used to work was :
>>>
>>>    * Port 465
>>>    * SSL/TLS
>>>    * Authentication : password
>>>
>>> Does someone have an idea about what could be the cause of such a
>>> strange problem?
>>>
>>> Does it have something to do with SSL/TLS?
>> Are you sure your clients connect directly to postfix ?
>>
>> No proxy, no anti-virus that could hijack the connection and behave
>> incorrectly with SSL/TLS ?
> Dear Erwan,
>
> Yes I am almost sure, I also thought about that, but normally the only device that is between the outside world and
> postfix is the firewall, and normally it doesn't do any analysis on the connection...
>
> Is there a way to check what happens really on the connection?

fix the wrong configuration that Port 465 accepts unencrypted connections
no mail client ever will connect without a TLS handshake on 465 which
*must* fail in your configuration

On 21.12.2013 20:10, (lists) Denis BUCHER wrote:

> On 16.12.2013 22:16, Wietse Venema wrote:

>> Denis BUCHER:
>>> But the most strange point is that if I do "telnet ip_of_server 465" I
>>> am immediately connected, and can use normal SMTP commands.
>> That is absolutely wrong.
>> Someone screwed up and removed the "-o smtpd_tls_wrappermode=yes"
>> from the "smtps" entry in the Postfix master.cf file.
>> The port 465 (smtps) service must not support plaintext communication
>> (such as connecting with telnet).
> Dear Wietse,
>
> OK thank you for your hint, I will change that, but do you think it will
> solve the problem, or is this something different?

most likely

the client starts an encrypted connection which fails in your case
read about the difference between TLS and STARTTLS
port 465 is *not* STARTTLS

Re: Very strange problem : "lost connection after UNKNOWN"

Wietse Venema
In reply to this post by Denis BUCHER
(lists) Denis BUCHER:

> On 16.12.2013 22:16, Wietse Venema wrote:
> > Denis BUCHER:
> >> But the most strange point is that if I do "telnet ip_of_server 465" I
> >> am immediately connected, and can use normal SMTP commands.
> > That is absolutely wrong.
> > Someone screwed up and removed the "-o smtpd_tls_wrappermode=yes"
> > from the "smtps" entry in the Postfix master.cf file.
> > The port 465 (smtps) service must not support plaintext communication
> > (such as connecting with telnet).
> Dear Wietse,
>
> OK thank you for your hint, I will change that, but do you think it will
> solve the problem, or is this something different ?

You MUST turn on smtpd_tls_wrappermode on the port 465 service.

There MAY be more problems with your configuration.

        Wietse

Re: Very strange problem : "lost connection after UNKNOWN"

Denis BUCHER
Hello,

On 21.12.2013 23:47, Wietse Venema wrote:

> Denis BUCHER:
>> On 16.12.2013 22:16, Wietse Venema wrote:
>>> Denis BUCHER:
>>>> But the most strange point is that if I do "telnet ip_of_server 465" I
>>>> am immediately connected, and can use normal SMTP commands.
>>> That is absolutely wrong.
>>> Someone screwed up and removed the "-o smtpd_tls_wrappermode=yes"
>>> from the "smtps" entry in the Postfix master.cf file.
>>> The port 465 (smtps) service must not support plaintext communication
>>> (such as connecting with telnet).
>> Dear Wietse,
>>
>> OK thank you for your hint, I will change that, but do you think it will
>> solve the problem, or is this something different ?
> You MUST turn on smtpd_tls_wrappermode on the port 465 service.
>
> There MAY be more problems with your configuration.
Yes I can confirm that now it is working ! What's strange is that (as
far as I know) it used to work before...

Thanks a lot to everyone for the help :-)

Denis


Re: Very strange problem : "lost connection after UNKNOWN"

lists@rhsoft.net


On 22.12.2013 15:40, (lists) Denis BUCHER wrote:
> On 21.12.2013 23:47, Wietse Venema wrote:
>> You MUST turn on smtpd_tls_wrappermode on the port 465 service.
>>
>> There MAY be more problems with your configuration
>
> Yes I can confirm that now it is working!

good

> What's strange is that (as far as I know) it used to work before...

for sure not, not with any standard mail-client because they all
use 465 if you switch to SSL-mode and in that case they all expect
the server accepting SSL handshakes and not STARTTLS

the clients which prefer STARTTLS switch to port 587 or stay
by stupidity on 25 which supports STARTTLS in most cases as
well while it should not be used for client submission

it may have worked before if someone switched to STARTTLS and
manually changed the port to 465 but not in default clients configs