Topic: SSL_accept error from
Hi, and thank you for the wonderful mail server.
The server is refusing email from amazonaws with the following error:
Mar 7 10:28:33 mail postfix/submission/smtpd[175632]: connect from (servername).compute.amazonaws.com[IP address]
Mar 7 10:28:33 mail postfix/submission/smtpd[175632]: SSL_accept error from (servername).compute.amazonaws.com[IP address]: -1
Mar 7 10:43:43 mail postfix/submission/smtpd[176492]: warning: TLS library problem: error:03000098:digital envelope routines::invalid digest:crypto/evp/m_sigver.c:343:
Mar 7 10:43:43 mail postfix/submission/smtpd[176492]: warning: TLS library problem: error:0A0C0103:SSL routines::internal error:ssl/statem/statem_srvr.c:2684:
Mar 7 10:28:33 mail postfix/submission/smtpd[175632]: lost connection after STARTTLS from (servername).compute.amazonaws.com[IP address]
10:43:43 mail postfix/submission/smtpd[176492]: disconnect from (servername).compute.amazonaws.com[IP address] ehlo=1 starttls=0/1 commands=1/2
I have a Let's Encrypt certificate and it is valid.
OpenSSL 3.0.1
Command: openssl s_client -connect google.com:443 -tls1_2
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
0 s:CN = *.google.com
i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 20 09:13:15 2023 GMT; NotAfter: May 15 09:13:14 2023 GMT
1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 13 00:00:42 2020 GMT; NotAfter: Sep 30 00:00:42 2027 GMT
2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=CN = *.google.com
issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6968 bytes and written 292 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-CHACHA20-POLY1305
Session-ID
Session-ID-ctx:
Master-Key: XXXXXXXXX
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
Start Time: 1678146511
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
80DB7E577A7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:308:
Please assist.
----------------------------------------------------------
- iRedMail version (check /etc/iredmail-release): 1.6.2 MARIADB edition.
- Deployed with iRedMail downloadable installer
- Linux/BSD distribution name and version:
NAME="Rocky Linux"
VERSION="9.1 (Blue Onyx)"
- Web server Nginx
- Manage mail accounts with iRedAdmin