[Bug 1001040] Re: "TLS library problem" drops incoming mail when sender uses RC4-MD5 cipher

Eric Lambart 1001040 at bugs.launchpad.net
Thu May 17 23:22:53 UTC 2012


** Description changed:

  Everytime my email server (Ubuntu Server 12.04) receives an email sent
  from google.com (e.g. gmail) using TLS with the RC4-MD5 cipher, it
  fails. Here is the output of once such interaction.
  
  I have set smtpd_tls_loglevel=2 in /etc/postfix/main.cf in hopes this
  will help.  Note that I have replaced my actual hostname with
  'myhostname'
  
  May 17 15:43:02 myhostname postfix/smtpd[28328]: initializing the server-side TLS engine
  May 17 15:43:02 myhostname postfix/smtpd[28328]: connect from mail-yw0-f47.google.com[209.85.213.47]
  May 17 15:43:03 myhostname postfix/smtpd[28328]: setting up TLS connection from mail-yw0-f47.google.com[209.85.213.47]
  May 17 15:43:03 myhostname postfix/smtpd[28328]: mail-yw0-f47.google.com[209.85.213.47]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:before/accept initialization
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read client hello A
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write server hello A
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write certificate A
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write server done A
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 flush data
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read client key exchange A
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read finished A
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write change cipher spec A
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write finished A
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 flush data
  May 17 15:43:03 myhostname postfix/smtpd[28328]: mail-yw0-f47.google.com[209.85.213.47]: save session DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17780 133B84CE85D295&s=smtp to smtpd cache
  May 17 15:43:03 myhostname postfix/tlsmgr[28319]: put smtpd session id=DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17 780133B84CE85D295&s=smtp [data 127 bytes]
  May 17 15:43:03 myhostname postfix/tlsmgr[28319]: write smtpd TLS cache entry DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17780 133B84CE85D295&s=smtp: time=1337294583 [data 127 bytes]
  May 17 15:43:03 myhostname postfix/smtpd[28328]: Anonymous TLS connection established from mail-yw0-f47.google.com[209.85.213.47]: TLSv1 with cipher RC4-MD5 (128/128 bits)
  May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL3 alert read:fatal:bad record mac
  May 17 15:43:03 myhostname postfix/smtpd[28328]: warning: TLS library problem: 28328:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1247:SSL alert number 20:
  May 17 15:43:03 myhostname postfix/smtpd[28328]: lost connection after EHLO from mail-yw0-f47.google.com[209.85.213.47]
  May 17 15:43:03 myhostname postfix/smtpd[28328]: disconnect from mail-yw0-f47.google.com[209.85.213.47]
  
  At least one other user is encountering this problem, as discussed here:
  
- http://ubuntuforums.org/showthread.php?p=11945418#post11945418
+ http://ubuntuforums.org/showthread.php?t=1981839
  
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: postfix 2.9.1-4
  ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
  Uname: Linux 3.2.0-23-generic x86_64
  ApportVersion: 2.0.1-0ubuntu7
  Architecture: amd64
  Date: Thu May 17 16:02:33 2012
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
  ProcEnviron:
-  TERM=xterm
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  TERM=xterm
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: postfix
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in Ubuntu.
https://bugs.launchpad.net/bugs/1001040

Title:
  "TLS library problem" drops incoming mail when sender uses RC4-MD5
  cipher

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1001040/+subscriptions



More information about the Ubuntu-server-bugs mailing list