NetBSD-Users archive


SMTP servers receiving from gmail



I've been tracking a problem where my NetBSD SMTP server was unable to receive e-mail from Google, getting failures reported as:

read error: FAILED_PRECONDITION: read error (0): error

Tracking it through with tcpdump showed that the Google servers were making the connection, doing the STARTTLS SSL handshake and then disconnecting without sending the message.

Turns out that if you have opportunistic STARTTLS turned on you had better have an SSL crypto setup that Google are happy with. For exim I had to set the following options:


#dhparam downloaded from: https://ssl-config.mozilla.org/ffdhe2048.txt
tls_dhparam = /usr/pkg/etc/exim/dhparam

# intermediate configuration
openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1
tls_require_ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

This came from:
https://ssl-config.mozilla.org/#server=exim&version=4.93&config=intermediate&openssl=1.1.1d&guideline=5.4

which also has a config that would suit the base system postfix.

Just wanted to get this out there in case anyone else was being baffled by a similar problem and couldn't find any clues on Google, as it's taken me nearly 2 weeks to figure this out :(

Mike
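
Added example (not part of the original post, and not Exim's own code): a small checker that compares an Exim main-configuration fragment with the settings quoted above and flags a cipher list that was broken by line wrapping. Exim only reads a value across several lines when each line ends in a backslash; the names `parse_main_options`, `lint_tls`, `HEAD`, `WRAPPED` and `CONTINUED` are hypothetical, and the sample fragments are constructed from the post.

```python
import re

INTERMEDIATE = (  # cipher list exactly as quoted in the post
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
).split(":")
LEGACY_OFF = ["+no_sslv2", "+no_sslv3", "+no_tlsv1", "+no_tlsv1_1"]

def parse_main_options(text):
    """Return ({option: value}, [stray lines]); a trailing backslash continues a line."""
    options, stray, pending = {}, [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]          # join with the next physical line
            continue
        line, pending = pending + line, ""
        m = re.match(r"([A-Za-z_]\w*)\s*=\s*(.*)$", line)
        if m:
            options[m.group(1)] = m.group(2)
        else:
            stray.append(line)            # not "name = value": likely a wrapped value
    return options, stray

def lint_tls(text):
    """List differences from the settings quoted in the post."""
    options, stray = parse_main_options(text)
    problems = [f"stray line (wrapped value?): {s}" for s in stray]
    flags = options.get("openssl_options", "").split()
    problems += [f"openssl_options lacks {f}" for f in LEGACY_OFF if f not in flags]
    ciphers = [c for c in options.get("tls_require_ciphers", "").split(":") if c]
    problems += [f"cipher not in quoted list: {c}" for c in ciphers if c not in INTERMEDIATE]
    problems += [f"quoted cipher missing: {c}" for c in INTERMEDIATE if c not in ciphers]
    problems += [] if "tls_dhparam" in options else ["tls_dhparam not set"]
    return problems

# Constructed samples: the fragment as wrapped in mail, and with backslash continuation.
HEAD = ("tls_dhparam = /usr/pkg/etc/exim/dhparam\n"
        "openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1\n")
WRAPPED = HEAD + """tls_require_ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-P
OLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM
-SHA384
"""
CONTINUED = HEAD + "tls_require_ciphers = " + ":\\\n    ".join(INTERMEDIATE) + "\n"
```

`lint_tls(WRAPPED)` reports three stray lines and six missing ciphers, while `lint_tls(CONTINUED)` returns an empty list.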

