I have setup a postfix server with dovecot, and i can connect and send emails fine. The only problem i have is when i try and receive emails; Sometimes google (test account) connects, but when it does, i get an SSL-ACCEPT error.
myhostname = mail.[redacted].us
myorigin = /etc/mailname
mydestination = mail.[redacted].us, [redacted].us, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.[redacted].us/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.[redacted].us/privkey.pem
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
codesmtp inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_wrappermode=yes
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_wrappermode=yes
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
An excerpt from my logs:
May 7 13:12:29 xeanto postfix/submission/smtpd[12746]: SSL_accept error from mail-wm0-f48.google.com[74.125.82.48]: lost connection
May 7 13:12:29 xeanto postfix/submission/smtpd[12746]: lost connection after CONNECT from mail-wm0-f48.google.com[74.125.82.48]
May 7 13:12:29 xeanto postfix/submission/smtpd[12746]: disconnect from mail-wm0-f48.google.com[74.125.82.48] commands=0/0
May 7 13:20:34 xeanto postfix/submission/smtpd[12967]: connect from mail-wm0-f45.google.com[74.125.82.45]
May 7 13:21:16 xeanto postfix/submission/smtpd[12973]: connect from mail-wm0-f53.google.com[74.125.82.53]
May 7 13:25:34 xeanto postfix/submission/smtpd[12967]: SSL_accept error from mail-wm0-f45.google.com[74.125.82.45]: lost connection
May 7 13:25:34 xeanto postfix/submission/smtpd[12967]: lost connection after CONNECT from mail-wm0-f45.google.com[74.125.82.45]
May 7 13:25:34 xeanto postfix/submission/smtpd[12967]: disconnect from mail-wm0-f45.google.com[74.125.82.45] commands=0/0
May 7 13:26:16 xeanto postfix/submission/smtpd[12973]: SSL_accept error from mail-wm0-f53.google.com[74.125.82.53]: lost connection
May 7 13:26:16 xeanto postfix/submission/smtpd[12973]: lost connection after CONNECT from mail-wm0-f53.google.com[74.125.82.53]
May 7 13:26:16 xeanto postfix/submission/smtpd[12973]: disconnect from mail-wm0-f53.google.com[74.125.82.53] commands=0/0
I suspect that it is because im using certs for
mail.[redacted].us
instead of
[redacted].us
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
This comment has been deleted
Found my problem at least, courtesy of https://moocat.me/other/smtp-error1408a0c1-no-shared-cipher-ecc-support/ My cert was an ECDSA certificate: I reapplied a RSA certificate and now there appears to be no problem receiving emails from other servers, and checktls.com reports are compliant.
Wow - sorry, but I have the exact same problem at around the same time! Googled to no avail so far. Also using LetsEncrypt, postfix, dovecot, spamassassin, and can successfully send/receive emails in general from a remote Thunderbird client…but emails from (at least) one server fails: postconf -n
May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: connect from [other-server-redacted][IP-redacted] May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: setting up TLS connection from [other-server-redacted][IP-redacted] May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: [other-server-redacted][IP-redacted]: TLS cipher list “aNULL:-aNULL:HIGH:@STRENGTH” May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: SSL_accept:before/accept initialization May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: SSL3 alert write:fatal:handshake failure May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: SSL_accept:error in error May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: SSL_accept:error in error May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: SSL_accept error from [other-server-redacted][IP-redacted]]: -1 May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: warning: TLS library problem: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1417: May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: lost connection after STARTTLS from [other-server-redacted][IP-redacted] May 10 13:28:49 ip-172-31-31-136 postfix/smtpd[19816]: disconnect from [other-server-redacted][IP-redacted] ehlo=1 starttls=0/1 commands=1/2