[AMaViS-user] Amavisd-new and TLS problem

Jordi Espasa Clofent Sat, 28 Jul 2007 04:22:26 -0700

Hi all,

I'm setting up a CentOS box with the next mailserver combination:
Postfix+Amavisd-new+ClamAV+Spamassassin


An encrypted communications are a requisite, so I've  already configured 
IMAP+SSL (port 993) and SMTP+SSL (port 465).
The system works well if I've amavisd-new deactived:

Jul 28 13:16:58 mail postfix/smtpd[20202]: initializing the server-side 
TLS engine
Jul 28 13:16:58 mail postfix/smtpd[20202]: connect from 
221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221]
Jul 28 13:16:58 mail postfix/smtpd[20202]: setting up TLS connection 
from 221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.
221]
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:before/accept 
initialization
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv2/v3 
read client hello A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 
read client hello B
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 
read client hello B
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 read client 
hello B
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write server 
hello A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write 
certificate A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write key 
exchange A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write server 
done A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 flush data
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 
read client certificate A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 
read client certificate A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 read client 
key exchange A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 
read certificate verify A
Jul 28 13:16:58 mail last message repeated 3 times
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 read finished A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write change 
cipher spec A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write finished A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 flush data
Jul 28 13:16:58 mail postfix/smtpd[20202]: TLS connection established 
from 221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247
.221]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jul 28 13:16:58 mail dovecot: auth(default): client in: AUTH    1 
PLAIN   service=smtp    resp=<hidden>
Jul 28 13:16:58 mail dovecot: auth-worker(default): mysql: Connected to 
localhost (openvispadmin)
Jul 28 13:16:58 mail dovecot: auth-worker(default): 
sql([EMAIL PROTECTED]): query: SELECT password FROM mailbox WHERE
username = '[EMAIL PROTECTED]'
Jul 28 13:16:58 mail dovecot: auth(default): client out: OK     1 
[EMAIL PROTECTED]
Jul 28 13:16:58 mail postfix/smtpd[20202]: E5A01D50274: 
client=221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221], sasl_
method=PLAIN, [EMAIL PROTECTED]
Jul 28 13:16:59 mail postfix/cleanup[20211]: E5A01D50274: 
message-id=<[EMAIL PROTECTED]>
Jul 28 13:16:59 mail postfix/qmgr[20200]: E5A01D50274: 
from=<[EMAIL PROTECTED]>, size=705, nrcpt=1 (queue active)
Jul 28 13:16:59 mail postfix/smtpd[20202]: disconnect from 
221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221]
Jul 28 13:17:03 mail postfix/smtp[20213]: E5A01D50274: 
to=<[EMAIL PROTECTED]>, relay=gmail-smtp-in.l.google.com[66.249.91.27
]:25, delay=4.5, delays=0.4/0.01/0.72/3.4, dsn=2.0.0, status=sent (250 
2.0.0 OK 1185621423 c22si1389232ika)
Jul 28 13:17:03 mail postfix/qmgr[20200]: E5A01D50274: removed

But, If I active amavisd-new service:

Jul 28 13:19:17 mail postfix/smtpd[20280]: TLS connection established 
from 221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247
.221]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jul 28 13:19:17 mail dovecot: auth(default): client in: AUTH    1 
PLAIN   service=smtp    resp=<hidden>
Jul 28 13:19:17 mail dovecot: auth-worker(default): 
sql([EMAIL PROTECTED]): query: SELECT password FROM mailbox WHERE
username = '[EMAIL PROTECTED]'
Jul 28 13:19:17 mail dovecot: auth(default): client out: OK     1 
[EMAIL PROTECTED]
Jul 28 13:19:17 mail postfix/smtpd[20280]: DDF9FD50274: 
client=221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221], sasl_
method=PLAIN, [EMAIL PROTECTED]
Jul 28 13:19:18 mail postfix/cleanup[20286]: DDF9FD50274: 
message-id=<[EMAIL PROTECTED]>
Jul 28 13:19:18 mail postfix/qmgr[20200]: DDF9FD50274: 
from=<[EMAIL PROTECTED]>, size=707, nrcpt=1 (queue active)
Jul 28 13:19:18 mail postfix/smtpd[20280]: disconnect from 
221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221]
Jul 28 13:19:18 mail postfix/smtpd[20291]: initializing the server-side 
TLS engine
Jul 28 13:19:18 mail postfix/smtpd[20291]: connect from tartarus[127.0.0.1]
Jul 28 13:19:18 mail amavis[20277]: (20277-01) Negative SMTP resp to 
DATA: 530 5.7.0 Must issue a STARTTLS command first
Jul 28 13:19:18 mail amavis[20277]: (20277-01) Negative SMTP resp. to 
QUIT: 530 5.7.0 Must issue a STARTTLS command first
Jul 28 13:19:18 mail amavis[20277]: (20277-01) (!)FWD via SMTP: 
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,BODY=7BIT
530 5.6.0 Failed, id=20277-01, from MTA([127.0.0.1]:10025): 530 5.7.0 
Must issue a STARTTLS command first
Jul 28 13:19:18 mail postfix/smtpd[20292]: initializing the server-side 
TLS engine
Jul 28 13:19:18 mail postfix/smtpd[20291]: disconnect from 
tartarus[127.0.0.1]
Jul 28 13:19:18 mail postfix/smtpd[20291]: connect from tartarus[127.0.0.1]
Jul 28 13:19:18 mail amavis[20277]: (20277-01) Negative SMTP resp to 
DATA: 530 5.7.0 Must issue a STARTTLS command first
Jul 28 13:19:18 mail amavis[20277]: (20277-01) Negative SMTP resp. to 
QUIT: 530 5.7.0 Must issue a STARTTLS command first
Jul 28 13:19:18 mail amavis[20277]: (20277-01) (!)SEND via SMTP: <> -> 
<[EMAIL PROTECTED]>,ENVID=AM..20070728T111918Z@
tartarus.opengea.org 530 5.6.0 Failed, id=20277-01, from 
MTA([127.0.0.1]:10025): 530 5.7.0 Must issue a STARTTLS command firs
t
Jul 28 13:19:18 mail amavis[20277]: (20277-01) (!)NOTICE: UNABLE TO SEND 
DSN to <[EMAIL PROTECTED]>: 530 5.7.0 Must is
sue a STARTTLS command first
Jul 28 13:19:18 mail amavis[20277]: (20277-01) Blocked MTA-BLOCKED, 
[88.11.247.221] [88.11.247.221] <[EMAIL PROTECTED]
 > -> <[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED]>, 
mail_id: UJKjc5b0FyX3, Hits: 1.571, size: 707, 497 ms
Jul 28 13:19:18 mail postfix/smtpd[20291]: disconnect from 
tartarus[127.0.0.1]
Jul 28 13:19:18 mail postfix/smtp[20288]: DDF9FD50274: 
to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.91,
  delays=0.4/0.01/0.01/0.49, dsn=5.7.0, status=bounced (host 
127.0.0.1[127.0.0.1] said: 530 5.7.0 Must issue a STARTTLS comman
d first (in reply to end of DATA command))
Jul 28 13:19:18 mail postfix/cleanup[20286]: AF8CAD50276: 
message-id=<[EMAIL PROTECTED]>
Jul 28 13:19:18 mail postfix/qmgr[20200]: AF8CAD50276: from=<>, 
size=2533, nrcpt=1 (queue active)
Jul 28 13:19:18 mail postfix/bounce[20294]: DDF9FD50274: sender 
non-delivery notification: AF8CAD50276

The MTA shows the next delivery error:

This is the mail system at host mail.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                    The mail system

<[EMAIL PROTECTED]>: host 127.0.0.1[127.0.0.1] said: 530 5.7.0 Must issue a
     STARTTLS command first (in reply to end of DATA command)



Reporting-MTA: dns; mail
X-Intergrid-MailServer-Queue-ID: DDF9FD50274
X-Intergrid-MailServer-Sender: rfc822; [EMAIL PROTECTED]
Arrival-Date: Sat, 28 Jul 2007 13:19:17 +0200 (CEST)

Final-Recipient: rfc822; [EMAIL PROTECTED]
Original-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.7.0
Remote-MTA: dns; 127.0.0.1
Diagnostic-Code: smtp; 530 5.7.0 Must issue a STARTTLS command first

¿Any clue?
I've tried several options and I'm sure the problem is focused in 
amavisd-new, so the system works well (as you can se above) if I 
deactivate it.




-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Amavisd-new and TLS problem

Reply via email to