Hodžův blog

After installing the October update (KB5018410), customers started reporting to us that they were unable to send mail from Outlook using SMTP TLS (port 587). The email client only displays the error message: 0x800CCC1A and postfix writes in the log:

Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: connect from my.private.ip.[xxx.xxx.xxx.xxx]
Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: SSL_accept error from my.private.ip[xxx.xxx.xxx.xxx]: lost connection
Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: lost connection after STARTTLS from my.private.ip[xxx.xxx.xxx.xxx]
Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: disconnect from my.private.ip[xxx.xxx.xxx.xxx] ehlo=1 starttls=0/1 commands=1/2

The following facts are interesting:
1. There is no problem with the IMAP protocol
2. On other servers with the same configuration and the same version of the libraries, everything works without a problem
3. Regeneration of the certificate (I use Let’s Encrypt) did not solve the problem, but with a certificate from another server, everything works again without a problem

At first I waited for a solution from Microsoft, which traditionally did not come. In the end, it was enough to slightly modify the Postfix configuration file (add the tls_ssl_options option for submission in master.cf) to temporarily solve the problem.

submission inet n - n - - smtpd
...
-o tls_ssl_options=NO_TICKET
...

Don’t forget to restart postfix after editing the configuration file.