Symptoms
Old mail client such as Outlook 2007 is not able to send a mail via SSL/TLS.
/var/log/maillog
contains the following error message from Postfix and Courier:
courier-imaps: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
postfix/smtpd[17918]: warning: TLS library problem: 21146:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:
or
postfix/smtpd: warning: TLS library problem: 7346:error:1408F10B:SSL routlines: SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1387
Cause
SSLv3 support was disabled.
Resolution
Update Outlook version.
OR
Connect to the server using SSH and enable backward compatibility with old mail clients:
-
Set
TLS_PROTOCOL=SSL23
in/etc/courier-imap/pop3d-ssl
and/etc/courier-imap/imapd-ssl
.Note .
SSL23
will enable all SSL/TLS protocols. -
Edit
/etc/postfix/main.cf
and set the following:smtp_tls_security_level = may
tls_medium_cipherlist = MEDIUM:!aNULL:!MD5 -
Reload both Postfix and Courier services:
# service postfix reload && service courier reload