Postfix warning: run-time library vs. compile-time header version mismatch

aaP_marvin26camarillo

Hello. Anyone here knows what is this Postfix warning notice log?

Sep 3 08:24:11 bookingwebapp postfix/smtpd[22910]: warning: run-time library vs. compile-time header version mismatch: OpenSSL 3.2.0 may not be compatible with OpenSSL 3.0.0

Anyone here can help me solve this issue?

aaPanel_Kern

Hello, what version of your operating system is?
What is the default openssl version of the system? What is the version of postfix?

aaP_marvin26camarillo

Operating System: Oracle 9 Linux Red Hat Enterprise 9.6 (Plow) aarch64(Py3.12.3)
openssl version: OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)
Postfix version: mail_version = 3.5.25

aaPanel_Kern

Hello,
Does it affect usage? If it does not affect the use, it is recommended that you ignore it

aaP_marvin26camarillo

As of now, I did not affect any usage. Sending and receiving email message are functioning well.

But right now, I need to test something like, requirement for Key exchange parameters, Diffie-Hellman key exchange, ECDHE

Here is the code of my Postfix

smtpd_client_restrictions = check_sasl_access hash:/pathtofile/sasl_access permit_tls_clientcerts
// http://mirror.postfix.jp/postfix-master/FORWARD_SECRECY_README.html
// https://www.postfix.org/FORWARD_SECRECY_README.html
// smtpd_tls_security_level = may
smtpd_tls_security_level = encrypt
// smtpd_tls_dh1024_param_file = /pathtofile/dh2048.pem
smtpd_tls_dh512_param_file = /pathtofile/dh512.pem
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtp_tls_ciphers = high

aaP_marvin26camarillo

Now, I made a strong Diffie-Hellman key exchange, ECDHE parameter encryption by implementing Postfix DNSSEC AND Dane

Reference Url: https://www.sidn.nl/en/news-and-blogs/hands-on-implementing-dane-in-postfix

Here is the Postfix Code:

smtp_tls_cert_file = /etc/pki/tls/certs/postfix-rsa.cert
smtp_tls_key_file = /etc/pki/tls/private/postfix-rsa.key
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix-rsa.cert
smtpd_tls_eccert_file = /etc/pki/tls/certs/postfix-ecdsa.cert
smtpd_tls_key_file = /etc/pki/tls/private/postfix-rsa.key
smtpd_tls_eckey_file = /etc/pki/tls/private/postfix-ecdsa.key
smtpd_tls_security_level = encrypt
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
    
tls_ssl_options = NO_COMPRESSION, 0x40000000
tls_preempt_cipherlist = yes

smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high
smtpd_tls_exclude_ciphers =
      EXP, LOW, MEDIUM,
      aNULL, eNULL, SRP, PSK, kDH, DH, kRSA, DHE, DSS, RC4, DES, IDEA, SEED, ARIA, CAMELLIA, AESCCM8, 3DES,
      ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256,
      MD5, SHA
smtpd_tls_eecdh_grade = ultra
smtpd_tls_dh1024_param_file = /www/WebFiles/Postfix/BWA/dhparams4096.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache

smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = high
smtp_tls_exclude_ciphers =
      EXP, LOW, MEDIUM,
      aNULL, eNULL, SRP, PSK, kDH, DH, kRSA, DHE, DSS, RC4, DES, IDEA, SEED, ARIA, CAMELLIA, AESCCM8, 3DES,
      ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256,
      MD5, SHA
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
# LMTP from your server to others
lmtp_tls_note_starttls_offer = yes
lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_ciphers = high
lmtp_tls_mandatory_ciphers = high
lmtp_tls_exclude_ciphers =
      EXP, LOW, MEDIUM,
      aNULL, eNULL, SRP, PSK, kDH, DH, kRSA, DHE, DSS, RC4, DES, IDEA, SEED, ARIA, CAMELLIA, AESCCM8, 3DES,
      ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256,
      MD5, SHA
lmtp_tls_loglevel = 1
lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp_tls_session_cache

# validate DANE
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane