Jelle de Jong wrote:
> Wietse Venema wrote:
>> Wietse Venema:
>>> Jelle de Jong:
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: seed
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute value: YuvlIV0a1sMFU6JK6BcvsKr6WJm8YP7zsFNJz/XEv+w=
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: private/tlsmgr: wanted attribute: (list terminator)
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from sepaip2.webish.nl[77.243.228.161]: -1
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname: sepaip2.webish.nl ~? 127.0.0.0/8
>>> Code fragment:
>>>     sts = tls_bio_accept(vstream_fileno(props->stream), props->timeout,
>>>                          TLScontext);
>>>     if (sts <= 0) {
>>>         msg_info("SSL_accept error from %s: %d", props->namaddr, sts);
>>>         tls_print_errors();
>>>         tls_free_context(TLScontext);
>>>         return (0);
>>>
>>> This means that the OpenSSL library error stack did not contain 
>>> any additional information about the problem.
>>>
>>> Maybe the client-side logging is more informative.
>> Alternatively, it may help to turn on TLS-specific logging in
>> Postfix itself. This may show why the TLS handshake isn't working.
>> The explanation of what the logging means will have to come from
>> someone who is more familiar with OpenSSL internals than me.
>>
>>      Wietse
>>
>> smtpd_tls_loglevel (default: 0)
>>        Enable additional Postfix SMTP server logging of TLS activity. Each
>>        logging level also includes the information that is logged at a lower
>>        logging level.
>>
>>               0 Disable logging of TLS activity.
>>
>>               1 Log TLS handshake and certificate information.
>>
>>               2 Log levels during TLS negotiation.
>>
>>               3 Log hexadecimal and ASCII dump of TLS negotiation process.
>>
>>               4 Also log hexadecimal and ASCII dump of complete transmission
>>               after STARTTLS.
>>
>>        Use "smtpd_tls_loglevel = 3" only in case of problems. Use of loglevel
>>        4 is strongly discouraged.
>>
>>        This feature is available in Postfix 2.2 and later.
> 
> Thank you for the information. I set the log level to 3 and generated
> new logs; I have attached them. I still have no idea what is going wrong,
> whose fault it is, and what to do about it.
> 
> I also added an smtpd debug report from when I sent a mail from a similarly
> configured postfix server (which goes perfectly fine, also from gmail).
> 
> http://debian.pastebin.com/d6e44dfdd (temporary)
> 
> Currently one of the company's imported order request systems is
> down. I would really appreciate any hints there are in figuring out what
> to do. I also am reluctant to disable TLS security on my server; if
> mails start working again I will get the blame even when the issue
> is on the other side, which I don't know for now.
> 
> Thanks in advance,
> 
> Jelle de Jong
> 

Hi Wietse,

Would you be willing to have another look at the logs? I still have the
issue and I had to turn smtpd_tls_security_level to none, so the work
processes of my customer could go on, but I don't think this workaround
will be the solution.

I extracted the messages from the previously sent tarball to pastebin, so I
hope the information is easier to access:

ssldump-smtpd-v-helmwijk-webish-fail.txt
http://debian.pastebin.com/m8ce090e

postconf-n-helmwijk.txt
http://debian.pastebin.com/m4bf47368

openssl-helmwijk-check.txt
http://debian.pastebin.com/m708bd459

smtp-helmwijk-gmail-ok-test.txt (Debian pastebin did not work)
http://filebin.ca/mvtjq/smtp-helmwijk-gmail-ok-test.txt

Thanks in advance,

Best regards,

Jelle de Jong
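
An added example, not part of the original thread and not Postfix code: a small log summarizer that groups the "SSL_accept error" lines quoted above by peer and records whether tls_print_errors() logged any OpenSSL detail for each failure, which helps show whether the problem is confined to one sending host before TLS is switched off for everyone. The "warning: TLS library problem:" prefix is an assumption about how Postfix logs the OpenSSL error stack, and the second peer in the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the first two lines follow the thread's log excerpt;
# the mail.example.org peer and the "TLS library problem" text are constructed.
SAMPLE_LOG = """\
Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from sepaip2.webish.nl[77.243.228.161]: -1
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname: sepaip2.webish.nl ~? 127.0.0.0/8
Jun 15 14:02:10 emily postfix/smtpd[23410]: SSL_accept error from mail.example.org[192.0.2.10]: -1
Jun 15 14:02:10 emily postfix/smtpd[23410]: warning: TLS library problem: (constructed OpenSSL error text)
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT_ERR = re.compile(
    r"SSL_accept error from (?P<peer>\S+\[[^\]]+\]): (?P<sts>-?\d+)")
# Assumed prefix of the lines written by tls_print_errors().
LIB_PROBLEM = "warning: TLS library problem:"


def summarize(log_text):
    """Return {peer: {"failures": n, "with_openssl_detail": m}}."""
    stats = defaultdict(lambda: {"failures": 0, "with_openssl_detail": 0})
    last_failed_peer = {}  # smtpd pid -> peer of the failure it just logged
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        err = ACCEPT_ERR.match(msg)
        if err:
            peer = err.group("peer")
            stats[peer]["failures"] += 1
            last_failed_peer[pid] = peer
        elif msg.startswith(LIB_PROBLEM) and pid in last_failed_peer:
            # OpenSSL error stack was not empty for this failure;
            # count it once even if several stack lines follow.
            stats[last_failed_peer.pop(pid)]["with_openssl_detail"] += 1
        else:
            # Any other line from this pid ends the failure context.
            last_failed_peer.pop(pid, None)
    return dict(stats)


if __name__ == "__main__":
    for peer, s in summarize(SAMPLE_LOG).items():
        print(peer, s)
```

A peer with failures but zero `with_openssl_detail` matches the situation described in the thread, where the OpenSSL error stack held no further information and the client-side log or a higher `smtpd_tls_loglevel` is the next place to look.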
