postfix dovecot tls error

after google more about postfix and openssl 3 and see that
version 3.7 support openssl 3

URL: https://www.postfix.org/announcements/postfix-3.7.0.html
Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18.

From Release notes:
URL: https://github.com/tmtm/postfix/blob/master/RELEASE_NOTES

[Feature 20210926] Postfix was updated to support OpenSSL 3.0.0 API
features, and to work around OpenSSL 3.0.0 bit-rot (avoid using
deprecated API features).

It look like the version mismatch of postfix and openssl version.
From the above it look like postfix version 3.7 is first version to
support openssl 3

That looks very similar to https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1981457

I think it is.

Can a patch for postfix be done also ?

On Tuesday, November 1, 2022 12:04:52 AM EDT mike Bernson wrote:
> after google more about postfix and openssl 3 and see that
> version 3.7 support openssl 3
>
>
> URL: https://www.postfix.org/announcements/postfix-3.7.0.html
> Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18.
>
> From Release notes:
> URL: https://github.com/tmtm/postfix/blob/master/RELEASE_NOTES
>
> [Feature 20210926] Postfix was updated to support OpenSSL 3.0.0 API
> features, and to work around OpenSSL 3.0.0 bit-rot (avoid using
> deprecated API features).
>
> It look like the version mismatch of postfix and openssl version.
> From the above it look like postfix version 3.7 is first version to
> support openssl 3

Postfix 3.7 is in Debian unstable, so this can be resolved for future releases
by syncing from Debian. For this release though, I don't know what the best
solution is.

Scott K

How about creating a ppa for 3.7 version of postfix ?

I'm not involved in Ubuntu development anymore, so I'll leave that question to someone who is, but I think it would be better to come up with an in-archive solution since that would benefit all Ubuntu users of the package.

how about creating postfix3.7 package. That way only user with problem in 3.6 version could
upgrade to more current version.

Also how about backporting the fixes for openssl 3 into 3.6 but I have not idea how hard
that might be ?

Hi Mike,

Thanks for reporting this one.

As Simon mentioned, we have seen similar issues with nginx, php (https://bugs.launchpad.net/ubuntu/+source/php8.1/+bug/1975626), and maybe a couple other components.

The way forward here would be to find the upstream commits that fix the issue and check if we can backport them to jammy. A first step here would be to get a minimal reproducer for the bug. Would you be able to provide one?

In the mean while, I am adding this bug to the server team backlog so we can act on it soon.

openssl s_client --connect server-name:25 -starttls smtp
control-c

log message:
Nov 2 13:32:05 mail postfix/smtpd[18707]: Anonymous TLS connection established from mike-think.mlb.org[192.168.1.48]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256Nov 2 13:32:07 mail postfix/smtpd[18707]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:

postfix 3.7 is now in lunar-proposed (3.7.3-2). Testing whether that version actually fixes the issue in Ubuntu may help delivering the Jammy (and Kinetic) fix. Thanks!

Thanks, Mike!

The logs do help to understand the issue. At a first glance, this seems to be related to the SSL EOF issue we did address in other packages for jammy/kinetic, such as php and nginx.

Hi all,

I was looking for the fix on postfix 3.7 version to make a patch from it, and I don't find the use of SSL_OP_IGNORE_UNEXPECTED_EOF that seems to fix issues where this behaviour arose (like the one for nginx commented above).

Also, I checked the 20210926 [1] and 20220724 [2] which are related to SSL3 on the postfix-3.7.3.HISTORY file just in case, with no luck.

Then... Are we right in saying that the postfix on Lunar fixed this issue? The answer is no.

I used the steps to reproduce from comment #10: I got the following:

#Checking environment

root@LpostfixSSL-EOF:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Lunar Lobster (development branch)
Release: 23.04
Codename: lunar

root@LpostfixSSL-EOF:~# dpkg -l | grep postfix
ii postfix 3.7.3-2 amd64 High-performance mail transport agent

root@LpostfixSSL-EOF:~# dpkg -l openssl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-==============-============-====================================================
ii openssl 3.0.5-2ubuntu1 amd64 Secure Sockets Layer toolkit - cryptographic utility
root@LpostfixSSL-EOF:~#

#Reproducing the issue:

root@LpostfixSSL-EOF:~# openssl s_client --connect localhost:25 -starttls smtp
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN = LpostfixSSL-EOF.lxd
verify return:1

Certificate chain
0 s:CN = LpostfixSSL-EOF.lxd
i:CN = LpostfixSSL-EOF.lxd
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Nov 24 14:54:58 2022 GMT; NotAfter: Nov 21 14:54:58 2032 GMT

Server certificate
-----BEGIN CERTIFICATE-----
MIIDFjCCAf6gAwIBAgIUYn1GqNFGey6d0kiMEMZLkjVxIo4wDQYJKoZIhvcNAQEL
BQAwHjEcMBoGA1UEAwwTTHBvc3RmaXhTU0wtRU9GLmx4ZDAeFw0yMjExMjQxNDU0
NThaFw0zMjExMjExNDU0NThaMB4xHDAaBgNVBAMME0xwb3N0Zml4U1NMLUVPRi5s
eGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBVO9Ra4EftgYEyhL6
MG25Bm3gUyugXhlkQn9O6/fkIFvZeHb8haXoqieef51fsrcN/aBYXpUcAkLyz5sl
BW7/iA/hcn30AQc+fXO6BATykVm+mumbaQ7NgDru9xVGXPc80WpdFo6D2Pd2AkZF
f42DVcMuantKhqbr/YfUnSK9QlSaAjawpchLjfKSlOCuG3/Plaldcm4koSfq8AJD
pzR16yv8jQSVzGFAu9LdixchaPlmJ5SfgS+G+ph4yh7Dq9U+2Tdq5cO3gPCaymqn
OxkZYUhIvHcsklQnaaLjaz6z/iDRmKmKNsf7dUrHXaEI4E0iV6DPShfPQlhyBQD7
hxqJAgMBAAGjTDBKMAkGA1UdEwQCMAAwHgYDVR0RBBcwFYITTHBvc3RmaXhTU0wt
RU9GLmx4ZDAdBgNVHQ4EFgQUHHr4AEDKDE8T/RFEc5yYPWT+b0owDQYJKoZIhvcN
AQELBQADggEBAKjDbZlOZhJAu+CibgvmpDBNFvqt8rczV+eE+lUm/5HIymmGk/hz
FGwgCNfyGACQtiDEAigvwuWzWITU05gQ3DRwJSCBmUJ3VNs5RTJXd0ZHcJfoNptj
BSiwsaNIqPTd628E8OYea8sjLV7b4t5gUv+za1Vx4zLC3RfbNvoLHu3oyIyV3tGL
DVy7YoAAyYjVjoYb2/BUy2pawvT+m2iz9+6NULYq8pA0a6CyXG6B7lU0yDwBqf/A
WTBWy+2oHTNFn2mMB2JaLugO3QB7LbhBgQG/sxfNSBclblb/+zXOyAIayWmMc346
xaGmvcWx6KAgSbIWIXp9Vxz9kOCE3jg1vQw=
-----END CERTIFICATE-----
subject=CN = LpostfixSSL-EOF.lxd
issuer=CN = LpostfixSSL-EOF.lxd

No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits

SSL handshake has read 1598 b...

I implemented a solution that is working in the three affected series. Still, I also found the issue was reported to Debian [1] and also to the postfix-users mail list, with a similar proposed fix [2] by Viktor Dukhovni (postfix GitHub is under his name [3] with the latest update last week). I replied to the issue in the postfix mail list by proposing the patch I did [4] or any other solution they consider more convenient.

The idea would be that we can get the fix downstream if they apply a solution of their choice.

As I said, checking the fix (i.e.) in Lunar: OK, We won't get more warnings in the log.

#bug verified as in the previous comment

#adding new package with proposed patch

root@Lpostfix-eof:~# sudo add-apt-repository ppa:mirespace/postfix-lp1995312-unexpected-eof
[...]
root@Lpostfix-eof:~# apt update
[...]
root@Lpostfix-eof:~# apt upgrade
[...]
root@Lpostfix-eof:~#

#Connection
root@Lpostfix-eof:~# openssl s_client --connect localhost:25 -starttls smtp
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN = Lpostfix-eof.lxd
verify return:1
---
Certificate chain
 0 s:CN = Lpostfix-eof.lxd
   i:CN = Lpostfix-eof.lxd
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 18 15:53:58 2023 GMT; NotAfter: Jan 15 15:53:58 2033 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=CN = Lpostfix-eof.lxd
issuer=CN = Lpostfix-eof.lxd
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1583 bytes and written 406 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
    Session-ID: ******
    Session-ID-ctx:
    Resumption PSK: *****
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    [...]
    Start Time: 1674057363
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

# Killing connection
^C

#Checking no more warnings A00016 were added

root@Lpostfix-eof:~# grep warning /var/log/mail.log
2023-01-18T15:54:58.608471+00:00 Lpostfix-eof postfix/smtpd[4818]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:
root@Lpostfix-eof:~#

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011040
[2] https://marc.info/?l=postfix-users&m=165521978811516&w=2
[3] https://github.com/vdukhovni/postfix
[4] https://git.launchpad.net/~mirespace/ubuntu/+source/postfix/commit/?h=postfix-lp1995312-SSL_EOF-lunar&id=e6e0e3f861371cb420ddbad20622b417ebbbb208

Good news: We got a reply on the postfix mail list.

"SSL_OP_IGNORE_UNEXPECTED_EOF will be enabled in the upcoming
stable releases, expected by this weekend.

        Wietse" [1]

We'll wait for it to apply the final solution chosen by postfix.

[1] https://<email address hidden>/msg97759.html

Fixed in https://github.com/vdukhovni/postfix/commit/88b27d0e9076060f592992230c3af7d76c9dfe40

On Monday, January 23, 2023 9:43:27 AM EST you wrote:
> Fixed in
> https://github.com/vdukhovni/postfix/commit/88b27d0e9076060f592992230c3af7d7
> 6c9dfe40

Which is part of postfix 3.7.4, which I uploaded to Debian yesterday.
Launchpad doesn't seem to know about it yet. Presumably that gets sync'ed to
Lunar at some point.

It's probably identical, but I would suggest looking at the 3.6 branch to get
the fix for Jammy/Kinetic. You might also consider an SRU to update to 3.6.8.
When I was involved with Ubuntu development, we typcially just updated postfix
to the new version.

Scott K

Hi Scott,

I would like to do the MRE, so I'm looking for a mentor and sponsor to go for it in Jammy and Kinetic. If I don't get one in a reasonable amount of time, I should go for an SRU first and try the MRE later.

I'll keep you posted.

Miriam

This bug was fixed in the package postfix - 3.7.4-2

---------------
postfix (3.7.4-2) unstable; urgency=medium

  [Christian Göttsche]

  * Add patch to disable LD_LIBRARY_PATH check
  * Update postfix homepage supporting https
  * Merge restorecon calls
  * d/postinst: fix mixed indentation
  * Quote variables and command output in scripts
  * Drop upgrade handling against ancient versions
  * Drop unnecessary script include
  * Do not manually stop and restart postfix.service
  * Switch to PCRE2 (Closes: #999988)

  [Scott Kitterman]

  * Build depend on libldap-dev instead of transitional libldap2-dev
  * Update lintian overrides
  * Drop ancient Breaks/Replaces on postfix 3.1.3-7~

 -- Scott Kitterman <email address hidden> Tue, 24 Jan 2023 09:33:52 -0500

With postfix 3.6.4-1ubuntu1, connecting to postfix and aborting the connection using:

$ openssl s_client -connect <container-ip>:25 -starttls smtp
Ctrl-C

Causes the following warning to show in the logs:

postfix/smtpd[2870]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:

With @mirespace PPA (https://launchpad.net/~mirespace/+archive/ubuntu/postfix-mre-3.6.8-j-k) enabled and postfix upgraded:

Calculating upgrade... Done
The following packages will be upgraded:
   postfix (3.6.4-1ubuntu1 => 3.6.8-1ubuntu0.22.04~ppa1)
   postfix-cdb (3.6.4-1ubuntu1 => 3.6.8-1ubuntu0.22.04~ppa1)

The same aborted connection no longer result in "unexpected eof" warning in the logs.

Thank you Miriam!

Depending on what version you're upgrading from, you'll probably hit this issue:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026394

You should either notify users which install the upgrade somehow or revert that one change. As you can see, we got caught on it in Debian since I didn't pick up this might affect user configurations.

Thanks Scott!

I am upgrading from 3.6.4 to 3.6.8 and I see in the HISTORY file the "cleanup (issue introduced: postfix 2.7): milter_header_checks", so it would be affected.

I'm working on a patch for reverting that change.

The changelog for this SRU states:

+ - KNOWN ISSUE: Changed behaviour when using milter blacklist
+ files as they need to be moved relative to / instead of
+ being used from the former location inside chroot
+ (/var/spool/postfix) (LP: 2009681).

Microrelease exceptions are based on the tradeoff of delegating testing to upstream in order to have more current bugfixed software in the distribution.

It does NOT give a pass to known regressions.

As this change will break the behavior of existing installs when upgrading to a package in -updates, it is not suitable for an SRU. Documenting the change in the changelog is not sufficient.

Rejecting this upload.

An upload of postfix to kinetic-proposed has been rejected from the upload queue for the following reason: "Contains a known functional regression".

Working on patching 3.6.4 for new submission as SRU (not MRE) then...

Using your test PPA (https://launchpad.net/~mirespace/+archive/ubuntu/postfix-lp1995312-unexpected-eof) on a Jammy container running on a (Jammy) host:

# uname -a
Linux mail 5.19.0-38-generic #39~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 17 21:16:15 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
# apt-get update && apt-get dist-upgrade
...
The following packages will be upgraded:
   postfix (3.6.4-1ubuntu1 => 3.6.4-1ubuntu2+ppa2)
   postfix-cdb (3.6.4-1ubuntu1 => 3.6.4-1ubuntu2+ppa2)
...

I'm happy to report that it fixed the `warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:` when aborting a TLS connection uncleanly.

I tested both with `openssl s_client -starttls smtp` and `nc -zv 127.0.0.1 465` and both caused the "unexpected eof" prior to the update and both no longer cause any warning after applying the update.

So thanks for your work (and persistence)!

Hello mike, or anyone else affected,

Accepted postfix into kinetic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-kinetic to verification-done-kinetic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-kinetic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello mike, or anyone else affected,

Accepted postfix into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Jammy verified successfully by following the detailed test case in the SRU template:

1) reproduce with postfix 3.6.4-1ubuntu1
2) install postfix 3.6.4-1ubuntu1.1 from -proposed
...
Get:5 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 postfix amd64 3.6.4-1ubuntu1.1 [1,245 kB]
3) try to reproduce, no more warning, all good, thanks!

Kinetic verified successfully by following the detailed test case in the SRU template:

1) reproduce with postfix 3.6.4-1ubuntu2
2) install postfix 3.6.4-1ubuntu2.1 from -proposed
...
Get:5 http://archive.ubuntu.com/ubuntu kinetic-proposed/main amd64 postfix amd64 3.6.4-1ubuntu2.1 [1,234 kB]
3) try to reproduce, no more warning, all good, thanks!

Thanks Simon!

This bug was fixed in the package postfix - 3.6.4-1ubuntu2.1

---------------
postfix (3.6.4-1ubuntu2.1) kinetic; urgency=medium

  * d/p/1995312-unexpected-eof-fix.patch: Workaround for a breaking
    change in OpenSSL 3: always turn on SSL_OP_IGNORE_UNEXPECTED_EOF,
    to avoid warning messages and missed opportunities for TLS
    session reuse. This is safe because the SMTP protocol implements
    application-level framing, and is therefore not affected
    by TLS truncation attacks. Fix by Viktor Dukhovni (LP: #1995312).
  * d/p/1996524-Linux6-support.patch: Adding LINUX6 support for
    portability (LP: #1996524).

 -- Miriam España Acebal <email address hidden> Mon, 10 Apr 2023 13:19:10 +0200

The verification of the Stable Release Update for postfix has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package postfix - 3.6.4-1ubuntu1.1

---------------
postfix (3.6.4-1ubuntu1.1) jammy; urgency=medium

  * d/p/1995312-unexpected-eof-fix.patch: Workaround for a breaking
    change in OpenSSL 3: always turn on SSL_OP_IGNORE_UNEXPECTED_EOF,
    to avoid warning messages and missed opportunities for TLS
    session reuse. This is safe because the SMTP protocol implements
    application-level framing, and is therefore not affected
    by TLS truncation attacks. Fix by Viktor Dukhovni (LP: #1995312).
  * d/p/1996524-Linux6-support.patch: Adding LINUX6 support for
    portability (LP: #1996524).

 -- Miriam España Acebal <email address hidden> Mon, 10 Apr 2023 13:35:27 +0200