问题：

这是来自Postfix的日志，smtpd_tls_loglevel =2：

belette64 postfix/smtpd[145475]: connect from smtp.misconfigured.fr[XX.XX.XX.XX]


belette64 postfix/smtpd[145475]: setting up TLS connection from smtp.misconfigured.fr[XX.XX.XX.XX]


belette64 postfix/smtpd[145475]: smtp.misconfigured.fr[XX.XX.XX.XX]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"


belette64 postfix/smtpd[145475]: SSL_accept:before SSL initialization


belette64 postfix/smtpd[145475]: SSL_accept:before SSL initialization


belette64 postfix/smtpd[145475]: SSL3 alert write:fatal:handshake failure


belette64 postfix/smtpd[145475]: SSL_accept:error in error


belette64 postfix/smtpd[145475]: SSL_accept error from smtp.misconfigured.fr[XX.XX.XX.XX]: -1


belette64 postfix/smtpd[145475]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2282:


belette64 postfix/smtpd[145475]: lost connection after STARTTLS from smtp.misconfigured.fr[XX.XX.XX.XX]

答案1：

你可以添加一个单独的TLS-ignorant服务器，

smtp inet n - y - - smtpd


10025 inet n - y - - smtpd


 -o syslog_name=postfix/smtpd/badstarttls


 -o smtpd_tls_security_level=none


 -o smtpd_helo_required=yes


 -o smtpd_helo_restrictions=pcre:/etc/postfix/helo_badstarttls_allow.pcre,reject

• 重定向到其他端口通过-A PREROUTING .. -j REDIRECT --to-port .. 在iptables中；或者在nftables中：

tcp dport 25 ip protocol tcp ip saddr { XX.XX.XX.XX } redirect to :10025