Oct 2025
gmx.de uses a TLS alert (71) to claim insufficient security. After disabling TLSv1 in postfix, it works (i.e. mail is delivered). Amazing.
postfix/smtpd[3923583]: TLS SNI mail.pmeerw.net from mout.gmx.net[212.227.15.18] not matched, using default chain postfix/smtpd[3923583]: Untrusted TLS connection established from mout.gmx.net[212.227.15.18]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (3072 bits) client-digest SHA256 postfix/smtpd[3923583]: warning: TLS library problem: error:0A00042F:SSL routines::tlsv1 alert insufficient security:../ssl/record/rec_layer_s3.c:916:SSL alert number 71: postfix/smtpd[3923583]: NOQUEUE: lost connection after STARTTLS from mout.gmx.net[212.227.15.18] postfix/smtpd[3923583]: disconnect from mout.gmx.net[212.227.15.18] ehlo=1 starttls=1 commands=2
posted at: 14:49 | path: /configuration | permanent link