TLS handshaking: SSL_accept() failed: error:1407609C:SSL

Discussion in 'General' started by artur_gib, Jul 29, 2012.

  1. artur_gib

    artur_gib New Member

    Hello

    I am using ISPConfig 3.0.4.6, Ubuntu Server 12.04. For the last 2 days I've noticed connections from various IP addresses (dovecot pop3/imap) but without login attempts. After every time there is an error message about TLS handshaking. I tried to google it but no success. Please have a look at the log:

    Jul 29 11:00:02 mail dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:00:02 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:00:03 mail postfix/smtpd[2685]: connect from localhost.localdomain[127.0.0.1]
    Jul 29 11:00:03 mail postfix/smtpd[2685]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Jul 29 11:00:03 mail postfix/smtpd[2685]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 29 11:02:21 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=120.35.35.243, lip=192.168.1.10, TLS handshaking: SSL_accept() failed: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
    Jul 29 11:05:01 mail postfix/smtpd[3081]: connect from localhost.localdomain[127.0.0.1]
    Jul 29 11:05:01 mail dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:05:01 mail postfix/smtpd[3081]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Jul 29 11:05:01 mail postfix/smtpd[3081]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 29 11:05:01 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:05:04 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=153.19.196.4, lip=192.168.1.10, TLS handshaking: SSL_accept() failed: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
    Jul 29 11:10:01 mail postfix/smtpd[3175]: connect from localhost.localdomain[127.0.0.1]
    Jul 29 11:10:01 mail dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:10:01 mail postfix/smtpd[3175]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Jul 29 11:10:01 mail postfix/smtpd[3175]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 29 11:10:01 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:15:02 mail dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:15:02 mail postfix/smtpd[3251]: connect from localhost.localdomain[127.0.0.1]
    Jul 29 11:15:02 mail postfix/smtpd[3251]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Jul 29 11:15:02 mail postfix/smtpd[3251]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 29 11:15:02 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:20:02 mail postfix/smtpd[3322]: connect from localhost.localdomain[127.0.0.1]
    Jul 29 11:20:02 mail dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:20:02 mail postfix/smtpd[3322]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Jul 29 11:20:02 mail postfix/smtpd[3322]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 29 11:20:02 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:25:01 mail dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:25:01 mail postfix/smtpd[3391]: connect from localhost.localdomain[127.0.0.1]
    Jul 29 11:25:01 mail postfix/smtpd[3391]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Jul 29 11:25:01 mail postfix/smtpd[3391]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 29 11:25:01 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:29:58 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=85.103.173.6, lip=192.168.1.10, TLS handshaking: SSL_accept() failed: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
    Jul 29 11:30:01 mail dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:30:01 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Jul 29 11:30:01 mail postfix/smtpd[3467]: connect from localhost.localdomain[127.0.0.1]
    Jul 29 11:30:01 mail postfix/smtpd[3467]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Jul 29 11:30:01 mail postfix/smtpd[3467]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 29 11:30:15 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=180.112.0.106, lip=192.168.1.10, TLS handshaking: SSL_accept() failed: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

    Any idea what it is?

    Thanks for help

    Artur
     
  2. pititis

    pititis Member

    Hello,

    Don't worry. That's a guy/scan drone sending http headers like "GET /" to your pop3/imap server.

    Cheers
     
  3. artur_gib

    artur_gib New Member

    Thank you very much. I thought so but wasn't sure.

    Artur
     
  4. Poliman

    Poliman Member

    I have a similar problem. Default config of Dovecot (version 2.2.22) and Postfix (3.1) on Ubuntu (16.04 LTS with OpenSSL 1.0.2k 26 Jan 2017). On the website https://cloud.tenable.com I run an Internal PCI Scan. Result in /var/log/mail.err (thousands of lines):
    Code:
    Apr 27 09:43:00 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:43:01 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:46:45 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:46:45 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:46:45 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:46:45 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:46:46 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:46:46 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:46:47 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:46:47 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:46:52 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:46:53 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:46:53 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:46:53 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:46:58 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:46:58 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Apr 27 09:46:59 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:46:59 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:47:08 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:08 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:10 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:10 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:11 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext
    Apr 27 09:47:11 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext
    Apr 27 09:47:12 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext
    Apr 27 09:47:12 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext
    Apr 27 09:47:16 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext
    Apr 27 09:47:16 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext
    Apr 27 09:47:17 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext
    Apr 27 09:47:18 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:47:18 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:18 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext
    Apr 27 09:47:18 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:18 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:47:18 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:18 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:20 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:47:21 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:21 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:21 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Apr 27 09:47:22 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:23 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    Apr 27 09:47:23 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Apr 27 09:47:23 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Apr 27 09:47:23 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Apr 27 09:47:24 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Apr 27 09:47:24 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Apr 27 09:47:24 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Apr 27 09:47:24 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    
    Should I be worried about it? Does it mean that the server is secured enough?
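
Added example, not part of the original thread: a small triage script for the two Dovecot log formats quoted above, counting TLS handshake failures per service and OpenSSL reason and per remote IP, so that scanner noise can be summarised instead of read line by line. It assumes the OpenSSL 1.0.x packed error-code layout (8-bit library, 12-bit function, 12-bit reason); the names `unpack` and `triage` are illustrative.

```python
import re
from collections import Counter

# Sample input: lines taken from the logs quoted in the thread.
SAMPLE = """\
Jul 29 11:00:02 mail dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Jul 29 11:02:21 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=120.35.35.243, lip=192.168.1.10, TLS handshaking: SSL_accept() failed: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Apr 27 09:46:45 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Apr 27 09:47:23 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Apr 27 09:47:23 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
"""

# Matches both the "SSL_accept() failed" and the "Stacked error" variants.
LINE = re.compile(
    r"dovecot: (?P<svc>imap-login|pop3-login): .*?"
    r"error:(?P<code>[0-9A-Fa-f]{8}):SSL routines:(?P<func>[^:]+):(?P<reason>.+)$"
)
RIP = re.compile(r"\brip=([0-9A-Fa-f.:]+)")


def unpack(code_hex):
    """Split a packed OpenSSL error code into (lib, func, reason).

    Assumption: OpenSSL 1.0.x layout, lib<<24 | func<<12 | reason.
    """
    v = int(code_hex, 16)
    return (v >> 24) & 0xFF, (v >> 12) & 0xFFF, v & 0xFFF


def triage(text):
    """Count handshake failures per (service, reason text, reason number) and per remote IP."""
    by_reason, by_rip = Counter(), Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # no OpenSSL error on this line, e.g. the 127.0.0.1 "secured" disconnects
        reason_no = unpack(m["code"])[2]
        by_reason[(m["svc"], m["reason"].strip(), reason_no)] += 1
        rip = RIP.search(line)  # the "Stacked error" lines carry no rip= field
        by_rip[rip.group(1) if rip else "(not logged)"] += 1
    return by_reason, by_rip


if __name__ == "__main__":
    reasons, rips = triage(SAMPLE)
    for key, n in reasons.most_common():
        print(n, *key)
    for ip, n in rips.most_common():
        print(n, ip)
```

The "Stacked error" lines do not include the remote address, so per-IP attribution for them needs the accompanying "Disconnected" line from the main mail log.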
     
