Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Postfix and Outlook - SSL error
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
lostinspace2011
Apprentice
Apprentice


Joined: 09 Sep 2005
Posts: 211

PostPosted: Tue Apr 23, 2019 11:04 am    Post subject: Postfix and Outlook - SSL error Reply with quote

I have my postfix server configured and secured as far as I can tell. However when trying to send an email using Outlook or Windows Mail the following error is reported in the mail.log

Quote:
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:before/accept initialization
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read client hello A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write server hello A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write change cipher spec A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write finished A
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 flush data
Apr 23 18:58:01 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read finished A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL3 alert write:fatal:bad record mac
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: warning: TLS library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:535:
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:before/accept initialization
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read client hello A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write server hello A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write change cipher spec A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 write finished A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 flush data
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL_accept:SSLv3 read finished A
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: SSL3 alert write:fatal:bad record mac
Apr 23 18:58:02 goldberry postfix/smtpd[4070]: warning: TLS library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:535:


Here is the extract from mail.cf

Code:
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /var/lib/letsencrypt/domain.key
smtpd_tls_cert_file = /var/lib/letsencrypt/signed.pem
smtpd_tls_CAfile = /var/lib/letsencrypt/intermediate.pem
smtpd_tls_loglevel = 9
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_ciphers = high

smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL

#Outbound
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1

#enforce the server cipher preference
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom


I am confused as it is working on other clients. Also why does the log still refer to SSLv3, which I believe has been disabled.

Any pointers on what could be causing this are much appreciated.
Back to top
View user's profile Send private message
lostinspace2011
Apprentice
Apprentice


Joined: 09 Sep 2005
Posts: 211

PostPosted: Tue Apr 23, 2019 11:36 am    Post subject: Reply with quote

I ended up resetting the windows firewall and this fixed the issue. Rather strange as this was on a fresh installation. Maybe removing McAffee did something to the firewall rules
Back to top
View user's profile Send private message
lostinspace2011
Apprentice
Apprentice


Joined: 09 Sep 2005
Posts: 211

PostPosted: Wed Apr 24, 2019 1:27 am    Post subject: Reply with quote

Spoke too soon. While this seem to have addressed the problem in the short term. My issue came back. I think this is something on the windows side rather then postfix as it only happens from one computer. Another computer running windows 10 works without issues.
Back to top
View user's profile Send private message
lostinspace2011
Apprentice
Apprentice


Joined: 09 Sep 2005
Posts: 211

PostPosted: Fri Apr 26, 2019 5:40 am    Post subject: Reply with quote

I made some further progress on this issue. The problem is only present when connected via WIFI. When using my ethernet port all emails are delivered as normal. I have

    Reset the router
    Verified there are no special rules configured on the router
    Reset the windows firewall rules to default
    Disabled the windows firewall
    Used the McAffee removal tool to ensure there is nothing left behind
    Changed my IP address
    Switched between public and private network
    Tried using an external SMTP service which presented the same failures.


So far none of these allow me to complete sending the message. The connection to the server is made, but as soon as the DATA section of the email is transmitted the connection is terminated. This seems to only happen when connected over WIFI.
Back to top
View user's profile Send private message
lostinspace2011
Apprentice
Apprentice


Joined: 09 Sep 2005
Posts: 211

PostPosted: Sat Apr 27, 2019 2:42 am    Post subject: Reply with quote

https://answers.microsoft.com/en-us/msoffice/forum/all/outlook-2016-problem-sending-emails-error/db6e2794-ed89-44c0-9616-cbe563eeb6dc?page=2

It appears that the problem was caused by some Dell pre-installed software, which I had initially thought was a driver. It appears that the software is in fact not a driver, but a network management or quality of service type of software. The name of the application is SmartByte. In Windows Services it appears as “Rivet Dynamic Bandwidth Management” and “SmartByte Network Service”.

This software can be found in the Microsoft Store:

https://www.microsoft.com/en-au/p/smartbyte/9mwzs8xm2b89?activetab=pivot:overviewtab

From looking at other recent reports of this problem (easy to find when you know what you are looking for), this software needs to be disabled in Windows Services, not uninstalled. It appears that software will be automatically reinstalled during Windows or Dell software updates.

It would also appear that this problem only occurs over a WiFi connection using the Dell built in network card. If an Ethernet cable is used or an alternative USB WiFi adapter is used the problem doesn't appear to occur.

Now what I find is very strange is that the Thunderbird Email client didn't have any problems with this software, but Outlook did.

Additional references to this problem, which have very recently been published:
https://www.dell.com/community/Productivity-Software/0x800ccc0f-error-outlook-2019-works-wired-error-wireless/m-p/7186615
https://www.reddit.com/r/Dell/comments/abcwxc/smartbytes_prevented_outlook_from_sending_email/

As these references have been published very recently, it is entirely possible that a recent update has been issued for the SmartByte software that is causing this problem.

I suggest that Microsoft include in their Outlook trouble shooting guide to use an alternative network connection device, particularly Ethernet.
Back to top
View user's profile Send private message
lostinspace2011
Apprentice
Apprentice


Joined: 09 Sep 2005
Posts: 211

PostPosted: Sat Apr 27, 2019 2:46 am    Post subject: Reply with quote

https://www.dell.com/community/Inspiron/Inspiron-G3-17-3779-Outlook-email-WiFi-can-t-send/td-p/7220911


Re: Inspiron G3 17-3779, Outlook email, WiFi can't send

We have confirmed that a large number of these problems are caused by using an outdated version of the Intel Wi-Fi driver. You can update your Intel Wi-Fi drivers to the latest version available by downloading and installing the appropriate package from Dell here – https://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=vg6m5.

If that doesn't solve the issue for you, updating SmartByte from this location - https://www.dell.com/support/home/us/en/rc974514/drivers/driversdetails?driverid=mmvk6 - may help.

If you have any other issues with SmartByte, please tell us about it by submitting a ticket here - http://support.rivetnetworks.com/submit-a-ticket/

-- Anthony with Rivet Networks
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum