Hi Viktor,
This /app/PFXpostfix/postfix is our install directory of our compiled
postfix 3.8.5 (not from RHEL8 repository).
This is how we always install our postfix to separate it from the default
postfix build (Which is disabled/not running at the same time BTW).
Compiled version:
postconf-internal -T run-version
OpenSSL 3.0.13 30 Jan 2024
/app/PFXopenssl/bin/openssl version
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
ldd $(which postfix)
linux-vdso.so.1 (0x00007ffdc8deb000)
libsasl2.so.3 => /app/PFXsasl/lib/libsasl2.so.3 (0x00007efc6b643000)
libdb-5.3.so => /app/PFXdb/db/lib/libdb-5.3.so (0x00007efc6b291000)
libpcre2-8.so.0 => /app/PFXpcre2/pcre2/lib/libpcre2-8.so.0
(0x00007efc6b031000)
libssl.so.3 => /app/PFXopenssl/lib64/libssl.so.3
(0x00007efc6ad8a000)
libcrypto.so.3 => /app/PFXopenssl/lib64/libcrypto.so.3
(0x00007efc6a727000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007efc6a523000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007efc6a30b000)
libc.so.6 => /lib64/libc.so.6 (0x00007efc69f35000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007efc69d15000)
/lib64/ld-linux-x86-64.so.2 (0x00007efc6b85f000)
As You can see it's using our local openssl version which was also compiled
from source, same way as on old servers which is working fine.
dmesg is showing a lot of those entries / I assume 1 per failed connection:
[2823377.074253] tlsproxy[2861947]: segfault at 0 ip 00007f5fa6644f0e sp
00007ffe82cfd088 error 4 in libc-2.28.so[7f5fa6618000+1cd000]
[2823377.074800] Code: b6 07 29 c8 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa 89
f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 74 02 00 00
<f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
czw., 31 lip 2025 o 17:52 Viktor Dukhovni via Postfix-users <
[email protected]> napisał(a):
> On Thu, Jul 31, 2025 at 02:33:53PM +0200, John Doe via Postfix-users wrote:
>
> > Any clue what is happening here ?
> >
> > postfix/tlsproxy[2399702]: CONNECT to [10.10.10.20]:25
> > postfix/smtp[2399701]: warning: private/tlsproxy service role "client"
> is not available
> > postfix/smtp[2399701]: 4bt4ws1G9NzZkhZC: Cannot start TLS: handshake
> failure
> > postfix/master[2399665]: warning: process
> /app/PFXpostfix/postfix/usr/libexec/postfix/tlsproxy pid 2399702 killed by
> signal 11
>
> Though this makes it clear that you've enable TLS connection reuse in
> the Postfix SMTP client, and that something goes wrong, the level of
> detail is not sufficient to draw more detailed conclusions.
>
> Firstly, what exactly is "/app/PFXpostfix/postfix"? On a RedHat system,
> I'd expect to find Postfix daemon binaries directly in system locations
> like "/usr/libexec/postfix". That unexpected path may well have
> outdated binaries left over from some other release or build. Check
> your master.cf file carefully, and also your $daemon_directory setting
> in main.cf.
>
> If that's not the crux of the problem, then:
>
> It is not quite clear which of the below is the right way to interpret the
> log data:
>
> a. The smtp(8) client gets a negative response from tlsproxy(8),
> and drops its connection, indirectly triggering a tlsproxy(8)
> segfault.
>
> b. The tlsproxy(8) process segfaults early in processing the
> new connection, and the smtp(8) client sees this as an
> error in establishing a proxy connection.
>
> To make progress we'd need to know whether "a" or "b" is the sequence of
> events. My instinct is "b", but it is important to know for sure.
>
> Also, it is important to know which version of OpenSSL this particular
> Postfix installation was built against, and which OpenSSL is installed
> on the system.
>
> --
> Viktor.
> _______________________________________________
> Postfix-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
