On Thu, May 19, 2016, Carsten Strotmann (sys4) wrote:
this seems to be the issue, Although "spamd" in its latest version does support TLS, *my* installation has stopped to offer STARTTLS. I need to
Really?
read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0000 - 32 2 read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0000 - 32 2 read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0000 - 30 0 read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0001 - <SPACES/NULS> read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0000 - 6d m read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0000 - 61 a read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0000 - 69 i read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0000 - 6c l read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0000 - 2e . read from 0x1003ee420 [0x1003f1270] (4096 bytes => 1 (0x1)) 0000 - 73 s read from 0x1003ee420 [0x1003f1270] (4096 bytes => 73 (0x49)) 0000 - 74 72 6f 74 6d 61 6e 6e-2e 64 65 20 45 53 4d 54 trotmann.de ESMT 0010 - 50 20 73 70 61 6d 64 20-49 50 2d 62 61 73 65 64 P spamd IP-based 0020 - 20 53 50 41 4d 20 62 6c-6f 63 6b 65 72 3b 20 54 SPAM blocker; T 0030 - 68 75 20 4d 61 79 20 31-39 20 31 39 3a 33 38 3a hu May 19 19:38: 0040 - 33 36 20 32 30 31 36 0d-0a 36 2016.. write to 0x1003ee420 [0x1003f2280] (25 bytes => 25 (0x19)) 0000 - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69 EHLO openssl.cli 0010 - 65 6e 74 2e 6e 65 74 0d-0a ent.net.. read from 0x1003ee420 [0x1003f1270] (4096 bytes => 14 (0xE)) 0000 - 32 35 30 20 53 54 41 52-54 54 4c 53 0d 0a 250 STARTTLS.. write to 0x1003ee420 [-0x80005eb0] (10 bytes => 10 (0xA)) 0000 - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS.. read from 0x1003ee420 [0x1003e3730] (8192 bytes => 56 (0x38)) 0000 - 32 32 30 20 67 6c 61 64-20 79 6f 75 20 77 61 6e 220 glad you wan 0010 - 74 20 74 6f 20 62 75 72-6e 20 6d 6f 72 65 20 43 t to burn more C 0020 - 50 55 20 63 79 63 6c 65-73 20 6f 6e 20 79 6f 75 PU cycles on you 0030 - 72 20 73 70 61 6d 0d 0a- r spam.. SSL_connect:before/connect initialization ... Server certificate subject=/CN=mail.strotmann.de issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 --- No client certificate CA names sent --- SSL handshake has read 3576 bytes and written 538 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2560 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 4DE94964346F99C2798593C6A16A37CC03CFBFEB1B12218A7D647D9CC5521666 Session-ID-ctx: Master-Key: 89C06D81DEA6438E523840D8854C07D4AD7D8CB5DADAE878F218E0E085BB3D483886E79D7CB336A4EEB78411C4E4CEAB Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 97 2f 4b 2b 96 1f 0c 6f-f9 7b fb b0 79 2c af 3e ./K+...o.{..y,.> 0010 - 61 9a 27 21 e7 0f 8f 33-8c 0b ab 37 09 34 ed c1 a.'!...3...7.4.. 0020 - e3 c2 f8 a7 bf 4c 41 e3-d4 2a f7 37 6f e7 28 fd .....LA..*.7o.(. 0030 - 50 b0 ab 69 a4 67 78 89-38 27 32 55 62 13 b9 5d P..i.gx.8'2Ub..] 0040 - 14 2e 4d ee 83 57 57 2c-45 23 91 b8 e4 a9 7e 89 ..M..WW,E#....~. 0050 - 8f bd 43 7d 67 9b e7 7a-96 bc d4 ae 21 0e 29 34 ..C}g..z....!.)4 0060 - 3f 42 92 76 25 00 9e 98-56 6d 90 16 70 50 d6 d9 ?B.v%...Vm..pP.. 0070 - ea 81 30 b4 e4 62 1e d0-eb 01 fb 1d b2 ed d0 48 ..0..b.........H 0080 - f1 d7 83 32 2d 16 3e c0-06 6f ed f5 21 e6 e4 ed ...2-.>..o..!... 0090 - 3d e8 29 ae 69 9e 4b 5f-31 1b 65 0d 89 69 e9 b5 =.).i.K_1.e..i.. 00a0 - 6d 8e ce ba 14 35 64 7b-4b cb b4 d3 4e f5 fb d8 m....5d{K...N... 00b0 - 26 e9 9c 7f f2 d3 dd d4-5c 2c 71 bb f3 36 46 3d &.......,q..6F=
Start Time: 1463679529 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) --- 250 STARTTLS EHLO o write to 0x1003ee420 [0x1003fad43] (37 bytes => 37 (0x25)) 0000 - 17 03 03 00 20 38 8b 1c-03 e7 00 4b 6e e0 f4 14 .... 8.....Kn... 0010 - 0b 62 7f 8e 04 c5 d0 f6-5e 53 92 25 9e 3d 5b 0c .b......^S.%.=[. 0020 - 44 6f 70 ad fe Dop.. read from 0x1003ee420 [0x1003f67e3] (5 bytes => 5 (0x5)) 0000 - 17 03 03 00 38 ....8 read from 0x1003ee420 [0x1003f67e8] (56 bytes => 56 (0x38)) 0000 - 00 00 00 00 00 00 00 01-23 3e ab e4 d8 d5 fb 4c ........#>.....L 0010 - 62 72 85 da 80 aa f2 c1-6c 02 ae 3f 08 de 1a 66 br......l..?...f 0020 - 71 d2 72 b7 e8 88 4d af-56 22 82 4d 07 95 71 88 q.r...M.V".M..q. 0030 - 47 af 04 df 0f ec 28 60- G.....(` 500 5.5.1 Command unrecognized quit
Seems STARTTLS is offered and "kind of" working... but then EHLO fails.
Maybe you should just use a real MTA... (or figure out why spamd behaves this way and fix it?)