Ich habe Deine Konfiguration genommen. Ein paar Stellen sind anders, da Postfix 2.11 abweichende defaults hat.
# postconf -n | grep smtpd_tls
smtpd_tls_cert_file = /var/lib/letsencrypt.sh/certs/example.com/fullchain.pem
smtpd_tls_ciphers = medium
smtpd_tls_dh1024_param_file = ${config_directory}/dh3072.pem
smtpd_tls_key_file = /var/lib/letsencrypt.sh/certs/example.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
Web.de liefert Mails an diese Konfiguration verschlüsselt.
Mar 20 20:10:58 example postfix/smtpd[14526]: connect from mout.web.de[212.227.15.14]
Mar 20 20:10:58 example postfix/smtpd[14526]: Anonymous TLS connection established from mout.web.de[212.227.15.14]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar 20 20:10:58 example postfix/smtpd[14526]: 9F8B851E: client=mout.web.de[212.227.15.14]
Mar 20 20:10:58 example postfix/cleanup[14531]: 9F8B851E: message-id=<7343484.oR80Ns88ZF@web.de>
Mar 20 20:10:58 example postfix/qmgr[14516]: 9F8B851E: from=<user@web.de>, size=2004, nrcpt=1 (queue active)
Mar 20 20:10:58 example postfix/smtpd[14526]: disconnect from mout.web.de[212.227.15.14]
Mar 20 20:10:58 example postfix/qmgr[14516]: 9F8B851E: removed
Ich habe mir Deine Zertifikate angesehen. Die Kette ist in Ordnung. Allerdings könntest Du zustäzlich den/die Hostname(s) in die SAN extension des Zertifikats übernehmen.
$ gnutls-cli --starttls-proto=smtp example.net
Processed 3 CA certificate(s).
Resolving 'example.net:smtp'...
Connecting to '192.0.2.194:25'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=example.net', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x0309badcafef47f616db798ebacf0b4bbfd5, RSA key 2048 bits, signed using RSA-SHA256, activated `2017-01-11 15:53:00 UTC', expires `2017-04-11 15:53:00 UTC', key-ID `sha256:467d930452f3dbe12cfcebc4fbedcffaf3e170157a0838d79b7f91477f165673'
Public Key ID:
sha1:7783126388567bb84c69319169f11e0a8e59b300
sha256:467d930452f3dbe12cfcebc4fbedcffaf3e170157a0838d79b7f91477f165673
Public key's random art:
+--[ RSA 2048]----+
|E *= |
| . o+O |
| . *.B B |
| B B * + . |
| o o + S o o |
| o . . |
| |
| |
| |
+-----------------+
- Certificate[1] info:
- subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', key-ID `sha256:60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18'
- Status: The certificate is trusted.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
- Session ID: B3:6A:0F:6E:05:FF:9E:75:96:11:04:C8:67:37:44:93:F9:91:4D:FC:75:9B:C3:BA:9B:03:9D:04:D7:EF:C1:C4
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA512
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed
- Simple Client Mode:
QUIT
221 2.0.0 Bye
- Peer has closed the GnuTLS connection
Alles anzeigen
Dabei ist jedoch aufgefallen, dass Deine Diffie-Hellmann-Parameter recht kurz sind.
$ gnutls-cli-debug -V --port=25 --starttls-proto=smtp example.net
GnuTLS debug client 3.5.8
Checking example.net:25
for SSL 3.0 (RFC6101) support... no
whether we need to disable TLS 1.2... no
whether we need to disable TLS 1.1... no
whether we need to disable TLS 1.0... no
whether %NO_EXTENSIONS is required... no
whether %COMPAT is required... no
for TLS 1.0 (RFC2246) support... yes
for TLS 1.1 (RFC4346) support... yes
for TLS 1.2 (RFC5246) support... yes
fallback from TLS 1.6 to... TLS1.2
for inappropriate fallback (RFC7507) support... yes
for certificate chain order... sorted
for trusted CAs... none
for safe renegotiation (RFC5746) support... yes
for encrypt-then-MAC (RFC7366) support... no
for ext master secret (RFC7627) support... no
for heartbeat (RFC6520) support... no
for version rollback bug in RSA PMS... dunno
for version rollback bug in Client Hello... no
whether the server ignores the RSA PMS version... yes
whether small records (512 bytes) are tolerated on handshake... yes
whether cipher suites not in SSL 3.0 spec are accepted... yes
whether a bogus TLS record version in the client hello is accepted... yes
whether the server understands TLS closure alerts... partially
whether the server supports session resumption... no
for anonymous authentication support... yes
for ephemeral Diffie-Hellman support... yes
ephemeral Diffie-Hellman group info... saved in debug-dh.out
for ephemeral EC Diffie-Hellman support... yes
for curve SECP256r1 (RFC4492)... yes
for curve SECP384r1 (RFC4492)... no
for curve SECP521r1 (RFC4492)... no
error receiving 220 : Interrupted system call
$ openssl dhparam -in debug-dh.out -noout -text
DH Parameters: (1024 bit)
prime:
00:e3:5f:cb:48:b8:a6:d1:5f:50:26:ea:d6:96:e4:
a6:f8:10:25:d8:50:99:49:44:e1:cb:26:f5:5f:76:
fa:7f:c3:cd:07:d4:83:8e:45:3e:66:3e:1e:6d:44:
a4:88:f0:e7:81:85:a4:7d:e4:fe:6b:68:d7:c1:83:
02:bc:60:f9:b1:55:95:dd:4b:20:ca:d5:4c:37:24:
43:c2:cb:ea:0f:73:45:92:71:f8:ea:5d:d4:4d:8e:
30:00:3d:ba:ec:ec:ec:1a:62:a6:a4:05:b1:74:76:
53:d1:3a:36:fb:6e:66:b9:9c:de:90:49:ea:c5:da:
c8:8a:b5:85:55:64:66:09:ab
generator: 2 (0x2)
Alles anzeigen
Das hat aber nichts mit dem Problem zu tun. Es sieht alles gut aus.
Mit einem tcpdump könnte man auch den Inhalt loggen (-X oder -XX). Dieser ist aus der bisherigen Textausgabe nicht zu ersehen, enthält möglicherweise (unwahrscheinlich) weitere Hinweise. Wenn Du den dump stattdessen direkt in eine Datei schreibst (-w), bekommt man mit Wireshark eine gut lesbare Übersetzung, bei -X übersetzt Du alles von Hand. Außerdem solltest Du den smtpd_tls_loglevel bis auf 4 hochschrauben.
Welche TLS-Library nutzt Dein Postfix?