SMTP en erreur sur Thunderbird

jeroen · November 30, 2022, 12:20pm

Same problem I see here. I accidentally duplicated this error in another thread but I will put my findings here now:

Different error from external client connecting on IPv4 and internal IPv6:

admin@yunohost:~ $ sudo journalctl -xef |grep postfix
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: connect from x-x-x-x.mobile.net[x.x.x.x]
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: SSL_accept error from x-x-x-x.mobile.net[x.x.x.x]: -1
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1543:SSL alert number 46:
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: lost connection after STARTTLS from x-x-x-x.mobile.net[x.x.x.x]
Nov 30 09:56:08 yunohost.domain.com postfix/submission/smtpd[2819]: disconnect from x-x-x-x.mobile.kpn.net[x.x.x.x] ehlo=1 starttls=0/1 commands=1/2
-----snip-----
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: warning: hostname xxxx-xxxx-xxxx.connected.by.freedominter.net does not resolve to address xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx: Name or service not known
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: connect from unknown[xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: SSL_accept error from unknown[xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]: -1
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45:
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: lost connection after STARTTLS from unknown[xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]
Nov 30 09:59:42 yunohost.domain.com postfix/submission/smtpd[2958]: disconnect from unknown[xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx] ehlo=1 starttls=0/1 commands=1/2

Reverse DNS problem, router and yunohost disagree on IPv6, this seems to be because yunohost adds domains to /etc/dnsmasq.d/*.domain.com. When I forced using my router DNS the certificate issue persisted

root@router:~# dig -x xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx|grep domain.com
x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.ip6.arpa. 3468 IN PTR domain.com.

admin@yunohost:~ $ dig -x xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx|grep domain.com
x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.ip6.arpa. 0 IN PTR cloud.domain.com.

-jeroen