The error in mail.log says "dovecot Failed to establish relay connection in=0 out=22 (state=GREETING)". Using Dovecot 2.3.7.2.

```
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.14.17-x86_64-linode150 x86_64 Ubuntu 20.04.3 LTS
# Hostname: mail.servicemouse.com
auth_verbose = yes
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap lmtp sieve pop3 submission"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
submission_relay_host = 127.0.0.1
submission_relay_ssl = starttls
submission_relay_trusted = yes
userdb {
  driver = passwd
}
```

```
Nov 20 23:17:20 mail dovecot: submission-login: Error: smtp-server: conn 71.6.165.200:56956 [1]: Connection lost: read(SSL (conn:71.6.165.200:56956,id=1)) failed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Nov 20 23:17:20 mail dovecot: submission-login: Read failure: user=<>, rip=71.6.165.200, lip=45.79.79.188, TLS handshaking: SSL_accept() syscall failed: Invalid argument, session=<W4HTyETRfN5HBqXI>
Nov 20 23:17:20 mail dovecot: submission-login: Error: smtp-server: conn 71.6.165.200:57030 [1]: Connection lost: read(SSL (conn:71.6.165.200:57030,id=1)) failed: SSL_accept() failed: error:142090FC:SSL routines:tls_early_post_process_client_hello:unknown protocol
Nov 20 23:17:20 mail dovecot: submission-login: Read failure: user=<>, rip=71.6.165.200, lip=45.79.79.188, TLS handshaking: SSL_accept() syscall failed: Invalid argument, session=<3FXVyETRxt5HBqXI>
Nov 20 23:17:21 mail dovecot: submission-login: Error: smtp-server: conn 71.6.165.200:57080 [1]: Connection lost: read(SSL (conn:71.6.165.200:57080,id=1)) failed: SSL_accept() failed: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
```
fugee ohu
  • Without your configuration and the logs for both operations (sending & receiving) there is little help you can get on either. – anx Nov 21 '21 at 04:32
  • So you have an SSL error. Probably a good idea to also look at relevant configuration of the smtp server (e.g. `smtpd_tls_protocols`), and test the connection using `openssl s_client -starttls smtp -connect 127.0.0.1:25`. – anx Nov 21 '21 at 11:14
  • `smtpd_tls_protocols=!SSLv2,!SSLv3` `openssl s_client -starttls smtp -connect 127.0.0.1:25` `139871421261120:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:110: 139871421261120:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111: connect:errno=111` – fugee ohu Nov 21 '21 at 19:24
  • So it seems postfix isn't listening on port 25. In master.cf I have chroot set to y for smtp. Is that the right setting? – fugee ohu Nov 21 '21 at 21:50

1 Answer

I think you've got (at least) two problems. Your MX record is likely unintended:

```
mail.servicemouse.com.    3266 IN  MX  2   servicemouse.com.
```

I suspect you meant to configure the server called "mail" as the exchange for the unprefixed domain, not the other way around. Usually MX records are set up like this in a zone file:

```
@    3600 IN  MX  2   mail.servicemouse.com.
```

The other issue sounds like whatever is connecting to the submission proxy of Dovecot is attempting to establish unacceptable transport security options. You can use `openssl s_client -connect hostname:port` to test transport security independently from your mail client software. Don't forget to specify the corresponding `-starttls` option if you are using such legacy compatibility options.

To learn more about TLS problems from the server side, increase logging levels, e.g. `verbose_ssl=yes`. Remember to disable this again if you do not need it; it can get rather verbose, and you are going to see warnings not just about your own connection attempts, but about other internet background noise hitting your server.

anx
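As an added example (not part of the answer above and not Dovecot's own tooling), this shell function summarises TLS handshake failures from log lines in the format shown in the question, split into your own test client and everything else. That makes it easier to find your own attempts among the background noise once `verbose_ssl=yes` is on. The function names are hypothetical, and the sample lines are constructed using documentation-range addresses.

```shell
#!/bin/sh
# Constructed sample input in the format of the question's mail.log lines.
sample_log() {
cat <<'EOF'
Nov 20 23:17:20 mail dovecot: submission-login: Error: smtp-server: conn 192.0.2.10:56956 [1]: Connection lost: read(SSL (conn:192.0.2.10:56956,id=1)) failed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Nov 20 23:17:20 mail dovecot: submission-login: Read failure: user=<>, rip=192.0.2.10, lip=203.0.113.5, TLS handshaking: SSL_accept() syscall failed: Invalid argument, session=<constructed>
Nov 20 23:17:21 mail dovecot: submission-login: Error: smtp-server: conn 192.0.2.10:57030 [1]: Connection lost: read(SSL (conn:192.0.2.10:57030,id=1)) failed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Nov 20 23:17:22 mail dovecot: submission-login: Error: smtp-server: conn 192.0.2.10:57080 [1]: Connection lost: read(SSL (conn:192.0.2.10:57080,id=1)) failed: SSL_accept() failed: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
Nov 20 23:18:02 mail dovecot: submission-login: Error: smtp-server: conn 198.51.100.7:40112 [1]: Connection lost: read(SSL (conn:198.51.100.7:40112,id=1)) failed: SSL_accept() failed: error:142090FC:SSL routines:tls_early_post_process_client_hello:unknown protocol
Nov 20 23:18:05 mail dovecot: imap-login: Login: user=<constructed>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.5, TLS
EOF
}

# tls_failures [OWN_IP]: read log lines on stdin and print
# "count own|other remote-ip openssl-reason", most frequent first.
# Only the "SSL_accept() failed: error:" lines are counted; the paired
# "Read failure ... syscall failed" lines are skipped to avoid double counting.
tls_failures() {
  awk -v own="${1:-}" '
    /SSL_accept\(\) failed: error:/ {
      ip = "-"
      # The remote endpoint follows "conn " and precedes " [id]".
      if (match($0, /conn [^ ]+ \[/)) {
        ip = substr($0, RSTART + 5, RLENGTH - 7)
        sub(/:[0-9]+$/, "", ip)          # drop the source port
      }
      # Keep only the final reason field of the OpenSSL error string.
      reason = $0
      sub(/.*SSL_accept\(\) failed: error:[0-9A-Fa-f]+:[^:]*:[^:]*:/, "", reason)
      who = (ip == own) ? "own" : "other"
      n[who " " ip " " reason]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample; for a real log, feed the file on stdin,
# e.g. tls_failures 198.51.100.7 < /var/log/mail.log (path is an assumption).
sample_log | tls_failures 198.51.100.7
```

Reasons such as "unsupported protocol" or "version too low" from addresses other than your own are the background noise the answer mentions. The same reasons from your own client address mean the client is offering a protocol version the server refuses.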