Hallo,
seit gestern kommt die Meldung
postfix/smtpd[6196]: warning: TLS library problem: error:1417D18C:SSL routines:tls_process_client_hello:version too low:../ssl/statem/statem_srvr.c:992:
extrem oft im syslog vor. Rollt da eine Spam-Welle von schlecht konfigurierten Server auf uns zu oder ist es ein Fehler auf meiner Seite ?
Der SMTP-Text von mxtoolbox sagt jedoch alles in Ordnung. Hier meine Postfix-Conf (3.1.4-4)
Code
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical, proxy:mysql:/etc/postfix/mysql-canonical.cf
content_filter = clamav:[127.0.0.1]:10024
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 12h
dovecot_destination_recipient_limit = 1
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 60m
message_size_limit = 150000000
minimal_backoff_time = 5m
mydestination = srv1.mein-server.de, localhost
myhostname = mail.mein-server.de
mynetworks = 127.0.0.1 <....>
myorigin = /etc/mailname
proxy_read_maps = $local_recipient_maps, $canonical_maps, $virtual_mailbox_maps, $virtual_mailbox_domains, $virtual_alias_maps, $smtpd_sender_login_maps
queue_run_delay = 1m
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost =
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/cert/mail.mein-server.de.pem
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_key_file = /etc/cert/mail.mein-server.de.key
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_count_limit = 5
smtpd_enforce_tls = no
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_unknown_recipient_domain, check_client_access hash:/etc/postfix/rbl_override, reject_rbl_client ix.dnsbl.manitu.net, check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/cert/mail.mein-server.de.pem
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/cert/mail.mein-server.de.key
smtpd_tls_received_header = yes
smtpd_use_tls = yes
spamassassin_destination_recipient_limit = 1
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/maildir/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:1000
Alles anzeigen