"TLS library problem" drops incoming mail when sender uses RC4-MD5 cipher

Bug #1001040 reported by Eric Lambart on 2012-05-17
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
postfix (Ubuntu)
Medium
Unassigned

Bug Description

Everytime my email server (Ubuntu Server 12.04) receives an email sent from google.com (e.g. gmail) using TLS with the RC4-MD5 cipher, it fails. Here is the output of once such interaction.

I have set smtpd_tls_loglevel=2 in /etc/postfix/main.cf in hopes this will help. Note that I have replaced my actual hostname with 'myhostname'

May 17 15:43:02 myhostname postfix/smtpd[28328]: initializing the server-side TLS engine
May 17 15:43:02 myhostname postfix/smtpd[28328]: connect from mail-yw0-f47.google.com[209.85.213.47]
May 17 15:43:03 myhostname postfix/smtpd[28328]: setting up TLS connection from mail-yw0-f47.google.com[209.85.213.47]
May 17 15:43:03 myhostname postfix/smtpd[28328]: mail-yw0-f47.google.com[209.85.213.47]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:before/accept initialization
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read client hello A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write server hello A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write certificate A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write server done A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 flush data
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read client key exchange A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read finished A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write change cipher spec A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write finished A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 flush data
May 17 15:43:03 myhostname postfix/smtpd[28328]: mail-yw0-f47.google.com[209.85.213.47]: save session DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17780 133B84CE85D295&s=smtp to smtpd cache
May 17 15:43:03 myhostname postfix/tlsmgr[28319]: put smtpd session id=DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17 780133B84CE85D295&s=smtp [data 127 bytes]
May 17 15:43:03 myhostname postfix/tlsmgr[28319]: write smtpd TLS cache entry DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17780 133B84CE85D295&s=smtp: time=1337294583 [data 127 bytes]
May 17 15:43:03 myhostname postfix/smtpd[28328]: Anonymous TLS connection established from mail-yw0-f47.google.com[209.85.213.47]: TLSv1 with cipher RC4-MD5 (128/128 bits)
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL3 alert read:fatal:bad record mac
May 17 15:43:03 myhostname postfix/smtpd[28328]: warning: TLS library problem: 28328:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1247:SSL alert number 20:
May 17 15:43:03 myhostname postfix/smtpd[28328]: lost connection after EHLO from mail-yw0-f47.google.com[209.85.213.47]
May 17 15:43:03 myhostname postfix/smtpd[28328]: disconnect from mail-yw0-f47.google.com[209.85.213.47]

At least one other user is encountering this problem, as discussed here:

http://ubuntuforums.org/showthread.php?t=1981839

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: postfix 2.9.1-4
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Uname: Linux 3.2.0-23-generic x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Thu May 17 16:02:33 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
ProcEnviron:
 TERM=xterm
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: postfix
UpgradeStatus: No upgrade log present (probably fresh install)

Eric Lambart (ubuntu-nomeaning) wrote :
description: updated
Eric Lambart (ubuntu-nomeaning) wrote :

This server has only been running a couple days. I initially performed all my testing for emails sent from "outside" using gmail.com and it seemd that my emails came through no problem.

I now see that google.com also uses cipher ECDHE-RSA-RC4-SHA, and messages received (by me) using this cipher do not error out and seem to arrive just fine.

Eric Lambart (ubuntu-nomeaning) wrote :

Using self-signed certificate...

Eric Lambart (ubuntu-nomeaning) wrote :

Have circumvented the problem by adding "smtpd_tls_exclude_ciphers = RC4-MD5" to my /etc/postfix/main.cf.

Google is now using RC4-SHA instead, and I've experienced no further problems so far.

Obviously this may not be a postfix bug (it seems openssl-related issues can even be cause by compiler optimization or other issues and it seems likely in any case that the bug is in the openssl library that postfix is using) but I am more than willing to help diagnose it, whatever package it belongs in. It should be 100% reproducible if I stop the cipher exclusion unless google changes something on their end.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in postfix (Ubuntu):
status: New → Confirmed
Scott Kitterman (kitterman) wrote :

Please try postfix 2.9.3 from my PPA: https://launchpad.net/~kitterman/+archive/ppa to see if that solves your problem as it has some openssl integration fixes.

Changed in postfix (Ubuntu):
importance: Undecided → Medium
Jargon Scott (jarglpa) wrote :

Today I upgraded to postfix 2.9.3-2~12.04.1. I can't tell whether or not I am still affected by this bug.

I have commented out from main.cf the temporary workaround that I have been using since the problem first appeared in May 2012 ("smtpd_tls_exclude_ciphers = RC4-MD5").

I have sent myself three test emails from Gmail, but on none of these emails has the sender tried using the RC4-MD5 cipher. (All three have used ECDHE-RSA-RC4-SHA .

Scott (or others): Is there a way I can configure postfix to accept *only* the RC4-MD5 cipher? I'm willing to change my postfix configuration to something goofy for a few minutes so that I can send myself another test email.

Trent Gamblin (goobliata) wrote :

Just as a side note here, I have the same problem with postfix. I also have the problem with Dovecot and Apache, and I assume anything using the RC4-MD5 cipher. So far I've disabled it in those 3 and things are working, except my Android tablet can't connect to my mail server because that's the only cipher it tries. This has been affecting me for months now. Today was the first time I noticed it in Apache (on HTTPS pages only on the Android browser.)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers