I have set up a new Postfix server using an identical configuration that was working fine on a previous Arch mail server, using saslauthd for auth. Now, a random number of times, I am experiencing broken connections with the following error:
Dec 07 00:11:07 MX postfix/smtpd[2791]: connect from mail-io1-xd34.google.com[2607:f8b0:4864:20::d34]
Dec 07 00:11:07 MX postfix/smtpd[2791]: Anonymous TLS connection established from mail-io1-xd34.google.com[2607:f8b0:4864:20::d34]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Dec 07 00:11:07 MX postfix/smtpd[2791]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:320:
Dec 07 00:11:07 MX postfix/smtpd[2791]: lost connection after STARTTLS from mail-io1-xd34.google.com[2607:f8b0:4864:20::d34]
Dec 07 00:11:07 MX postfix/smtpd[2791]: disconnect from mail-io1-xd34.google.com[2607:f8b0:4864:20::d34] ehlo=1 starttls=1 commands=2
It is entirely random; sometimes the same mail server will try to resend me the same mail and the connection proceeds normally. I even get this error running this command locally on the mail server:
openssl s_client -connect localhost:smtp -starttls smtp
And it is entirely random; I just ran the s_client command 10 times, and 7 out of the 10 times it failed, 3 times it succeeded normally... very frustrating.
I see some people have experienced the same with Postfix on Ubuntu https://askubuntu.com/questions/1411682 … eading-ssl . They suggest altering the "saslauthd" file to remove "PARAMS=", but I don't have a "PARAMS=" in my saslauthd, only the following:
SASLAUTHD_OPTS="-c -m /run/saslauthd -r -a rimap -O 127.0.0.1"
Does anyone know how to fix this error? It is causing a large amount of mail to be unreceived. Thanks.
Last edited by t_wrex (2022-12-18 06:34:40)
Offline
This thread shows that it's a specific form of miscommunication between OpenSSL and the application.
[OpenSSL] 3.0.x requires the application to set the SSL_OP_IGNORE_UNEXPECTED_EOF to ignore the error.
Downgrading to OpenSSL 1.1.1q may fix this issue.
Offline
OK so how would I go about doing that? The only version in the repos of 1.1.1 is "s". And then, how would I tell Postfix to use the 1.1.1 version of openssl?
Offline
This wouldn't be a good idea anyway and wouldn't help, since the Arch version of postfix is built against openssl3. You should report this to the postfix developers. In the meantime, what you should be able to do is set the tls_ssl_options parameter in your main.cf to the value of 0x80 to enable SSL_OP_IGNORE_UNEXPECTED_EOF https://github.com/openssl/openssl/blob … .h.in#L339
Last edited by V1del (2022-12-07 14:05:15)
Online
Upstream discussed the issue and there was a proposed patch https://www.mail-archive.com/postfix-us … 95805.html
Offline
Thank you, I was able to work around the bug by setting the tls_ssl_options to 0x80. I had initially tried 0x70, but 0x80 was the correct one.
Offline
Whaddya know, I reported this on the Postfix mailing list and it actually got fixed:
https://www.postfix.org/announcements/p … 3.7.4.html
Last edited by t_wrex (2023-02-21 13:08:10)
Offline
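Added example, not part of the thread: a Python script that reads smtpd log lines in the format quoted in the first post and counts, per client, how many TLS sessions carried the OpenSSL "unexpected eof while reading" warning, which gives a failure rate to compare before and after setting tls_ssl_options or upgrading Postfix. The warning line names no client, so sessions are correlated by smtpd PID; the function name, hostnames and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Syslog-style Postfix smtpd lines, as quoted in the first post of the thread.
LINE_RE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CLIENT_RE = re.compile(r"from (?P<host>\S+)\[(?P<ip>[0-9A-Fa-f:.]+)\]")

# Constructed sample: one failed session modelled on the thread's log, one clean one.
SAMPLE_LOG = """\
Dec 07 00:11:07 MX postfix/smtpd[2791]: connect from mail.example.net[2001:db8::d34]
Dec 07 00:11:07 MX postfix/smtpd[2791]: Anonymous TLS connection established from mail.example.net[2001:db8::d34]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Dec 07 00:11:07 MX postfix/smtpd[2791]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:320:
Dec 07 00:11:07 MX postfix/smtpd[2791]: lost connection after STARTTLS from mail.example.net[2001:db8::d34]
Dec 07 00:11:07 MX postfix/smtpd[2791]: disconnect from mail.example.net[2001:db8::d34] ehlo=1 starttls=1 commands=2
Dec 07 00:12:40 MX postfix/smtpd[2802]: connect from mail.example.net[2001:db8::d34]
Dec 07 00:12:40 MX postfix/smtpd[2802]: Anonymous TLS connection established from mail.example.net[2001:db8::d34]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Dec 07 00:12:41 MX postfix/smtpd[2802]: disconnect from mail.example.net[2001:db8::d34] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""


def tally_starttls_eof(log_text):
    """Return {client_host: [tls_sessions, sessions_with_unexpected_eof]}."""
    sessions = {}  # pid -> state of the connection that smtpd process is serving
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            # smtpd processes are reused, so each connect starts a fresh session.
            c = CLIENT_RE.search(msg)
            sessions[pid] = {"host": c["host"] if c else "unknown",
                             "tls": False, "eof": False}
        elif pid in sessions:
            s = sessions[pid]
            if "TLS connection established" in msg:
                s["tls"] = True
            elif "unexpected eof while reading" in msg:
                s["eof"] = True
            elif msg.startswith("disconnect from "):
                if s["tls"]:  # count only sessions that got as far as TLS
                    stats[s["host"]][0] += 1
                    stats[s["host"]][1] += int(s["eof"])
                del sessions[pid]
    return dict(stats)


if __name__ == "__main__":
    for host, (total, failed) in tally_starttls_eof(SAMPLE_LOG).items():
        print(f"{host}: {failed}/{total} TLS sessions hit unexpected EOF")
```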