j...@sdf.org wrote: > chris...@astron.com (Christos Zoulas) wrote: > > .. > > > > I don't see what could do it in the saslc code. Perhaps something changed > > in openssl? Can you try to use the previous openssl libraries and see if > > that fixes it? > > > > Switching to previous openssl libraries will take some doing but I think I've > uncovered more clues using the posttls-finger(1) tool: > > % posttls-finger -a ipv4 -L verbose -l encrypt -cS > '[smtp.acme.com]:submission' > posttls-finger: initializing the client-side TLS engine > posttls-finger: LHLO rejected: 502 unimplemented (#5.5.1) > ^^^^ > > Should be "EHLO" right? Looks like a simple typo in the code somewhere. > Hunting > around with strings(1) I found this: > > % strings /usr/libexec/postfix/smtp | grep LHLO > performing the LHLO handshake > LHLO %s > > Does that look like the likely suspect?
Ack, nevermind - I miss-understood the "-S" option for posttls-finger(1)... Jeff -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This email has a PGP signature attached; verify using PGP public key at http://jgw.sdf.org/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUx97aAAoJELZg2zktVKWMNZUP/ispNTlNSjx0QoKChol0sZSF 55ZvdtINHvA5DL0M78kXVkFqzWDdnAjE857iK8fXbj5Az6tx05DY+iovf6qUyLKF X/5Jm82B8xAlSu8AlM37su8TzAgh51rw0UPJ1qhfaiamjognk6Yc0fFCnsWlaElp 1toKk++UghXfcWkY4hs3t6S//Nzf1WTg3mwKHVfmMJy2I2doXjI1Ok2ogB11gQX9 7HqJVpHcRzdel3iAUgmzruexQzBXpuBdylAjLfGiF7bVgP3bK4teck/D46BP09qJ XBPKgNwbHtCRqArfRjMb92EhzgZjUftadJwDmPFlE7N1nn2tBP2pmwb8lhq18CsS 2uyflSrVMwFuRYYCXcfPTYl+mUTg0kA9MAp/gNVOAc+9B7TfjWN1HkCBnOuBFtI2 7nH7xJ3eEeOaoTRZPXo0WSWcAtWDXXbdZXW8cgVUIxggQLVA22CTKMRUTGfeJwcS KAbzyZu/z2/V04Ygnu2hzgAGulw4qvv0cREiOVHVdpgaq8hEH2/U/yKqaXTf5NCp P+9NKQDGgnt2cWNibUAzF563uvnOL3OnnjeT6/PLsfzJkpOFPi/H/UHc8a6Hjc8F l2S9u+5Lu4DFfXjewTRT8NLmeal3kppHBwHIeGVavWlmLET0bvSj486qimXVv2SN fwEG5kbnu8pX89ZowR8U =KFMw -----END PGP SIGNATURE-----
