
#1 2022-12-07 06:30:42

t_wrex
Member
Registered: 2020-03-27
Posts: 30

[SOLVED] Postfix randomly failing TLS- "unexpected eof while reading"

I have set up a new Postfix server using an identical configuration that was working fine on a previous Arch mail server, using saslauthd for auth. Now, a random amount of times I am experiencing broken connections with the following error:

Dec 07 00:11:07 MX postfix/smtpd[2791]: connect from mail-io1-xd34.google.com[2607:f8b0:4864:20::d34]
Dec 07 00:11:07 MX postfix/smtpd[2791]: Anonymous TLS connection established from mail-io1-xd34.google.com[2607:f8b0:4864:20::d34]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Dec 07 00:11:07 MX postfix/smtpd[2791]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:320:
Dec 07 00:11:07 MX postfix/smtpd[2791]: lost connection after STARTTLS from mail-io1-xd34.google.com[2607:f8b0:4864:20::d34]
Dec 07 00:11:07 MX postfix/smtpd[2791]: disconnect from mail-io1-xd34.google.com[2607:f8b0:4864:20::d34] ehlo=1 starttls=1 commands=2

It is entirely random; sometimes the same mail server will try to resend me the same mail and the connection proceeds normally. I even get this error running this command locally on the mail server:

openssl s_client -connect localhost:smtp -starttls smtp

And it is entirely random; I just ran the s_client command 10 times, and 7 out of the 10 times it failed, 3 times it succeeded normally..... very frustrating.

I see some people have experienced the same with Postfix on Ubuntu https://askubuntu.com/questions/1411682 … eading-ssl . They suggest altering the "saslauthd" file to remove "PARAMS=", but I don't have a "PARAMS=" in my saslauthd, only the following:

SASLAUTHD_OPTS="-c -m /run/saslauthd -r -a rimap -O 127.0.0.1"

Does anyone know how to fix this error? It is causing a large amount of mail to be unreceived. Thanks.

Last edited by t_wrex (2022-12-18 06:34:40)


#2 2022-12-07 07:22:13

-thc
Member
Registered: 2017-03-15
Posts: 486

Re: [SOLVED] Postfix randomly failing TLS- "unexpected eof while reading"

This thread shows that it's a specific form of miscommunication between OpenSSL and the application.

[OpenSSL] 3.0.x requires the application to set the SSL_OP_IGNORE_UNEXPECTED_EOF to ignore the error.

Downgrading to OpenSSL 1.1.1q may fix this issue.


#3 2022-12-07 12:01:21

t_wrex
Member
Registered: 2020-03-27
Posts: 30

Re: [SOLVED] Postfix randomly failing TLS- "unexpected eof while reading"

OK so how would I go about doing that? The only version in the repos of 1.1.1 is "s". And then, how would I tell Postfix to use the 1.1.1 version of openssl?


#4 2022-12-07 12:34:42

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,431

Re: [SOLVED] Postfix randomly failing TLS- "unexpected eof while reading"

This wouldn't be a good idea anyway and wouldn't help since the Arch version of postfix is built against openssl3. You should report this to the postfix developers; in the meantime, what you should be able to do is set the tls_ssl_options parameter in your main.cf to the value of 0x80 to enable SSL_OP_IGNORE_UNEXPECTED_EOF https://github.com/openssl/openssl/blob … .h.in#L339

Last edited by V1del (2022-12-07 14:05:15)


#5 2022-12-08 02:02:33

loqs
Member
Registered: 2014-03-06
Posts: 17,198

Re: [SOLVED] Postfix randomly failing TLS- "unexpected eof while reading"

Upstream discussed the issue and there was a proposed patch https://www.mail-archive.com/postfix-us … 95805.html


#6 2022-12-18 06:28:00

t_wrex
Member
Registered: 2020-03-27
Posts: 30

Re: [SOLVED] Postfix randomly failing TLS- "unexpected eof while reading"

V1del wrote:

This wouldn't be a good idea anyway and wouldn't help since the Arch version of postfix is built against openssl3. You should report this to the postfix developers; in the meantime, what you should be able to do is set the tls_ssl_options parameter in your main.cf to the value of 0x80 to enable SSL_OP_IGNORE_UNEXPECTED_EOF https://github.com/openssl/openssl/blob … .h.in#L339

Thank you, I was able to work around the bug by setting the tls_ssl_options to 0x80. I had initially tried 0x70, but 0x80 was the correct one.

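The check below is an added example, not code from the thread or from Postfix: it counts how many STARTTLS sessions in an smtpd log ended with the OpenSSL 3 EOF error, so the failure rate can be compared before and after setting tls_ssl_options, and it tests whether a hex option value has the 0x80 bit set (which 0x70 does not). The function names and the sample log (built in the format of the lines quoted in post #1, with example hosts) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Host names and addresses are constructed.

# Constructed smtpd log in the format quoted in post #1: two sessions hit the
# OpenSSL 3 EOF error after STARTTLS, one completes on a reused smtpd process.
sample_log() {
cat <<'LOG'
Dec 07 00:11:07 MX postfix/smtpd[2791]: connect from a.example[192.0.2.10]
Dec 07 00:11:07 MX postfix/smtpd[2791]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:320:
Dec 07 00:11:07 MX postfix/smtpd[2791]: lost connection after STARTTLS from a.example[192.0.2.10]
Dec 07 00:11:07 MX postfix/smtpd[2791]: disconnect from a.example[192.0.2.10] ehlo=1 starttls=1 commands=2
Dec 07 00:12:30 MX postfix/smtpd[2791]: connect from a.example[192.0.2.10]
Dec 07 00:12:31 MX postfix/smtpd[2791]: disconnect from a.example[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Dec 07 00:13:02 MX postfix/smtpd[2802]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:320:
Dec 07 00:13:02 MX postfix/smtpd[2802]: disconnect from b.example[192.0.2.20] ehlo=1 starttls=1 commands=2
LOG
}

# Read smtpd log lines on stdin; print "<failed> <total>" STARTTLS sessions.
# The error is tied to a session by smtpd PID and cleared at disconnect,
# because Postfix reuses one smtpd process for several connections.
eof_stats() {
  awk '
    { if (!match($0, /smtpd\[[0-9]+\]/)) next
      pid = substr($0, RSTART, RLENGTH) }
    /error:0A000126/ { bad[pid] = 1 }
    / disconnect from / && /starttls=1/ {
      total++
      if (pid in bad) failed++
      delete bad[pid]
    }
    END { printf "%d %d\n", failed, total }
  '
}

# Succeed if a hex tls_ssl_options value has bit 7 (0x80) set, the bit the
# thread identifies as SSL_OP_IGNORE_UNEXPECTED_EOF. Returns 2 on non-hex input.
has_ignore_eof() {
  case $1 in
    0[xX]|0[xX]*[!0-9a-fA-F]*) return 2 ;;
    0[xX]*) [ $(( $1 & 0x80 )) -ne 0 ] ;;
    *) return 2 ;;
  esac
}

sample_log | eof_stats    # failed and total STARTTLS sessions in the sample
for v in 0x70 0x80; do
  if has_ignore_eof "$v"; then echo "$v: bit set"; else echo "$v: bit not set"; fi
done
```

On a live server the same count can be taken by piping the mail log into `eof_stats`, for example `journalctl -u postfix | eof_stats`, assuming Postfix logs to the journal under that unit name.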

#7 2023-02-21 13:07:36

t_wrex
Member
Registered: 2020-03-27
Posts: 30

Re: [SOLVED] Postfix randomly failing TLS- "unexpected eof while reading"

Whaddya know, I reported this on the Postfix mailing list and it actually got fixed cool

https://www.postfix.org/announcements/p … 3.7.4.html

Last edited by t_wrex (2023-02-21 13:08:10)
