Hi,
This is getting curiouser and curiouser. I decided to outsmart things, and put a stunnel in front of SMTP listening on 465, talking to 25. Genius, huh? Yea, not totally.
So I configured it to forward 465 to 25, started my openssl s_client and..... EXACT SAME ISSUES!!! What the bloody heck!? I even changed out the LetsEncrypt cert for a ZeroSSL one, same issue.
I'm running libssl.so.1.0.2k with Amazon patches.
Not sure where to go at this point..
Tuc
On Tue, Sep 22, 2020 at 9:39 PM Scott Ellentuch <tuctboh@xxxxxxxxx> wrote:
Hi,
Thanks for the reply. These were the versions available on the OS I was using (Amazon Linux 1).
I decided to move over to CentOS 7, postfix 2.10, dovecot-2.2.36 and cyrus-sasl-lib-2.1.26. I realize this isn't the absolute latest of everything, but again, the closest I could get with RPMs right now.
And, exactly the same behaviour. 25/587 is fine. 25+STARTTLS/465 either RENEGOTIATES SSL or immediately says DONE
I also spun up CentOS 8 which gave me postfix-3.3.1, dovecot-2.3.8 and cyrus-sasl-lib-2.1.27.
And, exactly the same behaviour. 25/587 is fine. 25+STARTTLS/465 either RENEGOTIATES SSL or immediately says DONE
I really need to get this going, any thoughts?
Tnx, Tuc
On Tue, Sep 22, 2020 at 12:12 AM Quanah Gibson-Mount <quanah@xxxxxxxxx> wrote:
--On Monday, September 21, 2020 2:40 PM -0400 Scott Ellentuch
<tuctboh@xxxxxxxxx> wrote:
> I'm using sendmail 8.14.4 and Sasl 2.1.23 . Config info
Cyrus-SASL 2.1.23 released on 4/27/2009, over 11 years ago.
You may want to see if the behavior you're describing is addressed by any of
the years of fixes since then as noted in
<https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/master/ChangeLog>
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>