SMTP servers receiving from gmail

To: "netbsd-users%netbsd.org@localhost" <netbsd-users%netbsd.org@localhost>
Subject: SMTP servers receiving from gmail
From: Mike Pumford <mpumford%mudcovered.org.uk@localhost>
Date: Tue, 14 Apr 2020 18:44:54 +0100

I've been tracking a problem where my NetBSD SMTP server was unable toreceive e-mail from google getting failures reported as:


read error: FAILED_PRECONDITION: read error (0): error

Tracking it through with tcpdump showed that the google servers weremaking the connection, doing the STARTTLS SSL handshake and thendisconnecting without sending the message.

Turns out that if you have opportunistic STARTTLS turned on you hadbetter have an SSL crypto setup that google are happy with. For exim Ihad to set the following options:



#dhparam downloaded from: https://ssl-config.mozilla.org/ffdhe2048.txt
tls_dhparam = /usr/pkg/etc/exim/dhparam

# intermediate configuration
openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1

tls_require_ciphers =ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-P
OLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM
-SHA384

This came from:
https://ssl-config.mozilla.org/#server=exim&version=4.93&config=intermediate&openssl=1.1.1d&guideline=5.4

which also has a config that would suit the base system postfix.

Just wanted to get this out there in case anyone else was being baffledby a similar problem and couldn't find any clues on google as its takenme nearly 2 weeks to figure this out :(


Mike

Follow-Ups:
- Re: SMTP servers receiving from gmail
  - From: Rhialto

Prev by Date: Re: Changes to PERL
Next by Date: SLOW X-windows
Previous by Thread: Proposal: removing uyap(4), USB YAP phone firmware loader
Next by Thread: Re: SMTP servers receiving from gmail
Indexes:

Home | Main Index | Thread Index | Old Index