后缀：SSL_accept：SSLv2/v3 读取客户端 hello A 时出错

几周前，在迁移到安装了最新软件的新服务器后，我注意到日志中出现了以下几行（其中包括，它允许我最终禁用已弃用的 SSL/TLS 版本）：

Apr 18 13:31:24 myhostname postfix/smtpd[1641]: connect from relay2.uni-heidelberg.de[129.206.119.212]
Apr 18 13:31:25 myhostname postfix/smtpd[1641]: setting up TLS connection from relay2.uni-heidelberg.de[129.206.119.212]
Apr 18 13:31:25 myhostname postfix/smtpd[1641]: relay2.uni-heidelberg.de[129.206.119.212]: TLS cipher list "AES128+EECDH:AES128+EDH"
Apr 18 13:31:25 myhostname postfix/smtpd[1641]: SSL_accept:before/accept initialization
Apr 18 13:31:25 myhostname postfix/smtpd[1641]: SSL_accept:error in SSLv2/v3 read client hello A
Apr 18 13:31:25 myhostname postfix/smtpd[1641]: SSL_accept error from relay2.uni-heidelberg.de[129.206.119.212]: -1
Apr 18 13:31:25 myhostname postfix/smtpd[1641]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:650:
Apr 18 13:31:25 myhostname postfix/smtpd[1641]: lost connection after STARTTLS from relay2.uni-heidelberg.de[129.206.119.212]
Apr 18 13:31:25 myhostname postfix/smtpd[1641]: disconnect from relay2.uni-heidelberg.de[129.206.119.212]

从那时起，这些行就一直在重复出现。但是，来自其他邮件服务器（包括 Gmail）的电子邮件已经通过，因此似乎这个问题仅限于这个特定的客户端。但今天，当亚马逊和 Facebook 邮件服务器连接时，我注意到了类似的日志消息。（不过，有趣的是，它们随后会立即重新连接 - 有时来自不同的主机 - 然后它就可以正常工作了。）

我能做些什么来解决这些问题或者让电子邮件继续发送吗？

我正在运行 Postfix 2.11.3。

输出$ postconf -n：

append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
default_process_limit = 5
dovecot_destination_recipient_limit = 1
enable_original_recipient = yes
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/lib/dovecot/deliver -m "${EXTENSION}"
mailbox_size_limit = 0
message_size_limit = 52428800
mydestination = *****, localhost
myhostname = *****
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
queue_minfree = 0
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 2
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_unknown_client_hostname
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:localhost:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = ******
smtpd_tls_ciphers = medium
smtpd_tls_eecdh_grade = strong
smtpd_tls_key_file = ******
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_medium_cipherlist = AES128+EECDH:AES128+EDH
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
virtual_gid_maps = static:994
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 1073741824
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:994