TLS handshake error - ReadList.com

10 msg	header check question
12 msg	verify parameters
4 msg	Configure postfix in big env
2 msg	envelope sender '<>' via uucp gets rewrit...
2 msg	Spam filtering only for specific email accounts
3 msg	Postfix 2.4 to 2.5: smtp(d)_tls_session_cache_d...
15 msg	Question about 'standards' WRT BATV and SAV
7 msg	my solution to fight backscatter email
2 msg	AUTO: Joe Grastara is out of the office (return...
12 msg	Q about sender_dependent_relayhost_maps inbound...
16 msg	Milter Suggestions
9 msg	Transport table and postmap
3 msg	Archiving e-mail?
8 msg	Error 550: unable to relay
1 msg	FW: new subject

TLS handshake error
\ Ralf Hildebrandt (8 May 2008)
. \ Ralf Hildebrandt (8 May 2008)
. . \ Victor Duchovni (8 May 2008)
. . . \ Ralf Hildebrandt (8 May 2008)
. . . . \ Victor Duchovni (8 May 2008)
. . . . . \ Ralf Hildebrandt (8 May 2008)
. . . . . . \ Victor Duchovni (8 May 2008)
. \ Victor Duchovni (8 May 2008)
. . \ Ralf Hildebrandt (8 May 2008)
. \ Ralf Hildebrandt (8 May 2008)
. . \ Ralf Hildebrandt (8 May 2008)
. . \ Victor Duchovni (8 May 2008)
. . . \ Ralf Hildebrandt (8 May 2008)

6 msg	Seperating SMTP and POP/IMAP services
3 msg	Test 2
1 msg	Testing
12 msg	[Fwd: ldap users & aliases config]

Subject:	TLS handshake error
Group:	Postfix-users
From:	Ralf Hildebrandt
Date:	8 May 2008

From my log:

May 8 10:08:06 mail-ausfall postfix/qmgr[20518]: 3C25D23FC64: from=<Christiane.Schwintzer>, size=31290, nrcpt=1 (queue active)
May 8 10:08:06 mail-ausfall postfix/smtp[21663]: 3C25D23FC64: Cannot start TLS: handshake failure
May 8 10:08:06 mail-ausfall postfix/smtp[21663]: 3C25D23FC64: to=<recipient>, relay=mpibmail.RZ-Berlin.mpg.de[141.14.128.174]:25, delay=0.34, delays=0.1/0/0.16/0.08, dsn=2.0.0, status=sent (250 Ok: queued as EDDDE5700E)

Using s_client I get:

# openssl s_client -starttls smtp -CAfile
/etc/ssl/certs/ca-certificates.crt -connect mpibmail.RZ-Berlin.mpg.de:25
CONNECTED(00000003)
depth=0 /C=DE/ST=Berlin/L=Berlin/O=Max-Planck-Institute for Human Development/OU=MPIB/CN=mpibmail.rz-berlin.mpg.de/emailAddress=mante
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=DE/ST=Berlin/L=Berlin/O=Max-Planck-Institute for Human Development/OU=MPIB/CN=mpibmail.rz-berlin.mpg.de/emailAddress=mante
verify return:1
---
Certificate chain
0 s:/C=DE/ST=Berlin/L=Berlin/O=Max-Planck-Institute for Human
Development/OU=MPIB/CN=mpibmail.rz-berlin.mpg.de/emailAddress=mante
i:/C=DE/ST=Berlin/L=Berlin/O=Max-Planck-Institute for Human
Development/OU=MPIB/CN=mpibmail.rz-berlin.mpg.de/emailAddress=mante
---
Server certificate
-----BEGIN CERTIFICATE-----
... snip ...
-----END CERTIFICATE-----
subject=/C=DE/ST=Berlin/L=Berlin/O=Max-Planck-Institute for Human Development/OU=MPIB/CN=mpibmail.rz-berlin.mpg.de/emailAddress=mante
issuer=/C=DE/ST=Berlin/L=Berlin/O=Max-Planck-Institute for Human Development/OU=MPIB/CN=mpibmail.rz-berlin.mpg.de/emailAddress=mante
---
Acceptable client certificate CA names
/C=AU/ST=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
---
SSL handshake has read 1739 bytes and written 363 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 00C57001F1A97F8B42283FEB44A1E042E6A3347B3492C6D5D27927E52D5CD600
Session-ID-ctx:
Master-Key: CFDFCCB1291DC18825D47476058C582F7248AFEAE5DBE83FD9B3880C1A52FE694F0A1711341BD791 D3F4AF49B6DA2D78
Key-Arg : None
Start Time: 1210252689
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 8BITMIME
QUIT
DONE

So it's self signed, but why do I get a "Cannot start TLS: handshake
failure" ?

--
Ralf Hildebrandt (Ralf.Hildebrandt) snickebo
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
Ich habe hier Windows 2000 spontan fällt mir dazu die Szene aus das
"Leben des Brian" ein, in der der Mitgefangene im Kerker Brian als
Günstling bezeichnet, weil er vom Kerkermeister angespuckt wurde.