Since April 30, I'm seeing errors like that in my mail log:
May 1 02:27:27 afaron postfix/smtpd[2644268]: connect from r137.info.hofer.at[66.117.17.137]
May 1 02:27:27 afaron postfix/smtpd[2644268]: SSL_accept error from r137.info.hofer.at[66.117.17.137]: -1
May 1 02:27:27 afaron postfix/smtpd[2644268]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45:
May 1 02:27:27 afaron postfix/smtpd[2644268]: lost connection after STARTTLS from r137.info.hofer.at[66.117.17.137]
May 1 02:27:27 afaron postfix/smtpd[2644268]: disconnect from r137.info.hofer.at[66.117.17.137] ehlo=1 starttls=0/1 commands=1/2
As far as I can grasp it, r137.info.hofer.at[66.117.17.137] refuses to send mail to my server, because it claims my SSL certificate would be expired.
I use a letsencrypt certificate. I double-checked if the latest one is actually used by postfix, and it is. It's not expired. I even tried to force-update the cert, but the errors re-appeared. When I run openssl s_client -starttls smtp -showcerts -connect mail.l3u.de:25 -servername mail.l3u.de, I get a valid TLS session ticket.
Until now, r137.info.hofer.at[66.117.17.137] is the only mail server complaining. Im tried send mail from and to gmx.de, web.de, t-online.de, gmail.com, yahoo.com and outlook.de. All without a problem, both sending and receiving.
How can I track this down? Can this be some local problem due to some outdated cert in the chain of trust for my sertificate on my server? And how can I find it? Or is this a remote problem?
