Error message from Remote Server

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Error message from Remote Server

Michelle Konzack
Good evening,

I have contacted the abuse@ from an ISP, where a range of 8 IP adrresses
attacking my servers (on all protocols) and  now  I  get  this  from  my
courier:

----8<------------------------------------------------------------------
This is a delivery status notification from mail.tamay-dogan.net,
running the Courier mail server, version 0.68.2.

The original message was received on Fri, 27 Jan 2017 23:45:43 +0100
from localhost (localhost [127.0.0.1])

---------------------------------------------------------------------------

                           UNDELIVERABLE MAIL

Your message to the following recipients cannot be delivered:

 <[hidden email]>:
     biscmail.cv.net [167.206.112.38]:
 >>> STARTTLS
 <<< 500 couriertls: connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

 <[hidden email]>:
     biscmail.cv.net [167.206.112.38]:
 >>> STARTTLS
 <<< 500 couriertls: connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

---------------------------------------------------------------------------

If your message was also sent to additional recipients, their delivery
status is not included in this report.  You may or may not receive
other delivery status notifications for additional recipients.

The original message follows as a separate attachment.
----8<------------------------------------------------------------------

I have never gotten such error message.

with the exception of TLS1 things which I have removed last year already
and for my understanding is, that SSLv3 was negotiated  with  <biscmail>
and failed.  If I can not contact them by EMail I have to do an expensiv
long distance call.

Any suggestions?

--
Michelle Konzack        ITSystems
GNU/Linux Developer     0033-6-61925193

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Error message from Remote Server

Szépe Viktor

Idézem/Quoting Michelle Konzack <[hidden email]>:

> Good evening,
>
> I have contacted the abuse@ from an ISP, where a range of 8 IP adrresses
> attacking my servers (on all protocols) and  now  I  get  this  from  my
> courier:
>
> ----8<------------------------------------------------------------------
> This is a delivery status notification from mail.tamay-dogan.net,
> running the Courier mail server, version 0.68.2.
>
> The original message was received on Fri, 27 Jan 2017 23:45:43 +0100
> from localhost (localhost [127.0.0.1])
>
> ---------------------------------------------------------------------------
>
>                            UNDELIVERABLE MAIL
>
> Your message to the following recipients cannot be delivered:
>
>  <[hidden email]>:
>      biscmail.cv.net [167.206.112.38]:
>  >>> STARTTLS
>  <<< 500 couriertls: connect: error:14094410:SSL  
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>
>  <[hidden email]>:
>      biscmail.cv.net [167.206.112.38]:
>  >>> STARTTLS
>  <<< 500 couriertls: connect: error:14094410:SSL  
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>
> ---------------------------------------------------------------------------
>
> If your message was also sent to additional recipients, their delivery
> status is not included in this report.  You may or may not receive
> other delivery status notifications for additional recipients.
>
> The original message follows as a separate attachment.
> ----8<------------------------------------------------------------------
>
> I have never gotten such error message.
>
> with the exception of TLS1 things which I have removed last year already
> and for my understanding is, that SSLv3 was negotiated  with  <biscmail>
> and failed.  If I can not contact them by EMail I have to do an expensiv
> long distance call.
>
> Any suggestions?


$ openssl s_client -connect biscmail.cv.net:25 -starttls smtp  (my  
openssl is v1.0.2h)

...
Cipher    : RC4-MD5
...

Maybe RC4-MD5 is not supported by your Courier installation which very good.
You may disable encryption in /etc/courier/esmtproutes
cv.net:biscmail.cv.net /SECURITY=NONE

All the best!


SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498  [hidden email]  skype: szepe.viktor
Budapest, III. kerület





------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Reply | Threaded
Open this post in threaded view
|

Re: Error message from Remote Server

Gordon Messmer-2
In reply to this post by Michelle Konzack
On 01/27/2017 02:59 PM, Michelle Konzack wrote:
>   <<< 500 couriertls: connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

What TLS settings have you specified in /etc/courier/courierd?



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Reply | Threaded
Open this post in threaded view
|

Re: Error message from Remote Server

Sam Varshavchik
In reply to this post by Michelle Konzack
Michelle Konzack writes:

> Your message to the following recipients cannot be delivered:
>
>  <[hidden email]>:
>      biscmail.cv.net [167.206.112.38]:
>  >>> STARTTLS
>  <<< 500 couriertls: connect: error:14094410:SSL  
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>
>  <[hidden email]>:
>      biscmail.cv.net [167.206.112.38]:
>  >>> STARTTLS
>  <<< 500 couriertls: connect: error:14094410:SSL  
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>
> ---------------------------------------------------------------------------
>
> If your message was also sent to additional recipients, their delivery
> status is not included in this report.  You may or may not receive
> other delivery status notifications for additional recipients.
>
> The original message follows as a separate attachment.
> ----8<------------------------------------------------------------------
>
> I have never gotten such error message.
>
> with the exception of TLS1 things which I have removed last year already
> and for my understanding is, that SSLv3 was negotiated  with  <biscmail>
> and failed.  If I can not contact them by EMail I have to do an expensiv
> long distance call.
The actual text of the error message comes from OpenSSL, and it is very  
misleading. Ignore the "sslv3" part of it. OpenSSL uses internal routines  
named "sslv3" that will autonegotiate the protocol level with the peer.

As I recall, you are using a relative older version of Courier. Since then,  
the OpenSSL API have been updated, and the default settings in the current  
version of Courier's configuration files will be sufficient to negotiate any  
protocol that's common to both the client and the server.

Also, the current version of Courier should handle TLS negotiation failures  
automatically. The unsent message will not initially bounce, and the next  
connection attempt will not attempt to negotiate TLS with the remote server.



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

attachment0 (817 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Error message from Remote Server

Michelle Konzack
In reply to this post by Gordon Messmer-2
On 2017-01-27 15:13:39 Gordon Messmer hacked into the keyboard:
> On 01/27/2017 02:59 PM, Michelle Konzack wrote:
> >   <<< 500 couriertls: connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>
> What TLS settings have you specified in /etc/courier/courierd?

----[ c 'grep TLS /etc/courier/courierd' ]------------------------------

ESMTP_USE_STARTTLS=1
COURIERTLS=/usr/bin/couriertls
ESMTP_TLS_VERIFY_DOMAIN=0
TLS_PROTOCOL=TLS1
TLS_TRUSTCERTS=/usr/lib/courier/rootcerts
TLS_VERIFYPEER=NONE
------------------------------------------------------------------------

Thanks andnice weekend

--
Michelle Konzack        ITSystems
GNU/Linux Developer     0033-6-61925193

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Error message from Remote Server

Gordon Messmer-2
On 01/27/2017 11:33 PM, Michelle Konzack wrote:
> On 2017-01-27 15:13:39 Gordon Messmer hacked into the keyboard:
>> What TLS settings have you specified in /etc/courier/courierd?
> ----[ c 'grep TLS /etc/courier/courierd' ]------------------------------
>
> TLS_PROTOCOL=TLS1
> ------------------------------------------------------------------------

TLS_PROTOCOL isn't set by default, at least in the current version. Try
unsetting that and checking delivery.

Note that SSL3 support is disabled in the current version.


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users