TLS library problem

Discussion in 'Server Operation' started by Maede, Oct 21, 2019.

  1. Maede

    Maede New Member

    Hi everybody
    I use ISPConfig and now I have a lot of line as follow in my syslog file:

    postfix/smtpd[29337]: connect from[]
    postfix/smtpd[29337]: SSL_accept error from[]: -1
    postfix/smtpd[29337]: warning: TLS library problem: error:142090FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../ssl/statem/statem_srvr.c:1642:
    postfix/smtpd[29337]: lost connection after STARTTLS from[]

    The IP is an attacker source

    I'll really appreciate any help

    Thanks in advance
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The attacker did not now password for the e-mail account, so the connection attempt failed. This is a good thing.
    You can use fail2ban to block the IP automatically after repeated attempts.
  3. Maede

    Maede New Member

    Thanks a lot.
    I already have used fail2ban as follow:

    enabled = true
    port = smtp,ssmtp
    filter = postfix-auth
    action = iptables[name=SMTP-auth, port=smtp, protocol=tcp]
    logpath = /var/log/maillog
    maxretry = 2
    bantime = 36000
    findtime = 300

    and /etc/fail2ban/filter.d/postfix-auth.conf:
    # Fail2ban postfix-auth filter
    before = common.conf

    _daemon = postfix/smtpd
    failregex = ^%(__prefix_line)slost connection after .*\[<HOST>\]$
    ignoreregex =

    but I fall into problem with postfix after 2-3 days.
    also I have same problem when add following line to file:
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,reject_invalid_hostname,reject_non_fqdn_hostname, reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unknown_recipient_domain, reject_rbl_client,reject_rbl_client,reject_rbl_client,reject_rbl_client, check_recipient_access mysql:/etc/postfix/, check_recipient_access mysql:/etc/postfix/

    I'll really appreciate any help
    Thanks in advance.
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You do not say what problem.
    Again what problem? Maybe there is something wrong in that line. What changes did you make?
  5. Maede

    Maede New Member

    sorry, the problem is that I can't send or receive emails. when I remove these configurations, the problem solved.
  6. Steini86

    Steini86 Active Member

    If you don't post logfiles, there is nothing how we can help you. Start with "tail -f /var/log/mail.log" then try to send/receive an email and post the corresponding lines.

    if your fail2ban entry is correct, then your logfile is at /var/log/maillog
    What do you want to achieve with that restrictions to smtpd_recipient_restrictions ? Those make no sense. Did you just copy something from the internet or do you understand what you are doing?
    Last edited: Oct 22, 2019
  7. Maede

    Maede New Member

    Sorry for my incomplete explanation.
    I change "smtpd_recipient_restrictions" because I had a lot "connect from unknown [ IP address] " in maillog file.
    when I apply changes I have following line in maillog file:

    Oct 15 07:16:13 ns3092192 postfix/smtpd[23636]: warning: hostname ip-38-37.ZervDNS does not resolve to address Name or service not known
    Oct 15 07:16:13 ns3092192 postfix/smtpd[23636]: connect from unknown[]
    Oct 15 07:16:15 ns3092192 postfix/smtpd[23636]: disconnect from unknown[] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Oct 15 07:16:42 ns3092192 postfix/submission/smtpd[30193]: connect from unknown[]
    Oct 15 07:16:42 ns3092192 postfix/submission/smtpd[30193]: NOQUEUE: reject: CONNECT from unknown[]: 554 5.7.1 <unknown[]>: Client host rejected: Access denied; proto=SMTP

    and I can send/receive on emails. is my private IP address for my office. after I change "smtpd_recipient_restrictions" to default, I can send and receive mail.

    Thanks for your help.
  8. Steini86

    Steini86 Active Member

    Well, the idea of a mail server (at least mine) is, that unknown computers can connect and leave an email. If you don't want mails you can block them, for sure.

    What is "standard setting", what do you change?
    You set the restrictions to "permit_sasl_authenticated" but it looks from the logs, like your client does not authenticate?

Share This Page