Jelle de Jong wrote:
> Wietse Venema wrote:
>> Wietse Venema:
>>> Jelle de Jong:
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: seed
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute value:
>>>> YuvlIV0a1sMFU6JK6BcvsKr6WJm8YP7zsFNJz/XEv+w=
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: private/tlsmgr: wanted
>>>> attribute: (list terminator)
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
>>>> sepaip2.webish.nl[77.243.228.161]: -1
>>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname:
>>>> sepaip2.webish.nl ~? 127.0.0.0/8
>>> Code fragment:
>>>     sts = tls_bio_accept(vstream_fileno(props->stream), props->timeout,
>>>                          TLScontext);
>>>     if (sts <= 0) {
>>>         msg_info("SSL_accept error from %s: %d", props->namaddr, sts);
>>>         tls_print_errors();
>>>         tls_free_context(TLScontext);
>>>         return (0);
>>>     }
>>>
>>> This means that the OpenSSL library error stack did not contain
>>> any additional information about the problem.
>>>
>>> Maybe the client-side logging is more informative.
>> Alternatively, it may help to turn on TLS-specific logging in
>> Postfix itself. This may show why the TLS handshake isn't working.
>> The explanation of what the logging means will have to come from
>> someone who is more familiar with OpenSSL internals than me.
>>
>> Wietse
>>
>> smtpd_tls_loglevel (default: 0)
>>     Enable additional Postfix SMTP server logging of TLS activity. Each
>>     logging level also includes the information that is logged at a lower
>>     logging level.
>>
>>     0 Disable logging of TLS activity.
>>
>>     1 Log TLS handshake and certificate information.
>>
>>     2 Log levels during TLS negotiation.
>>
>>     3 Log hexadecimal and ASCII dump of TLS negotiation process.
>>
>>     4 Also log hexadecimal and ASCII dump of complete transmission
>>       after STARTTLS.
>>
>>     Use "smtpd_tls_loglevel = 3" only in case of problems. Use of loglevel
>>     4 is strongly discouraged.
>>
>>     This feature is available in Postfix 2.2 and later.
>
> Thank you for the information, I set the log level to 3 and generated
> new logs, I have attached them. I still have no idea what is going wrong
> and whose fault it is and what to do about it.
>
> I also added an smtpd debug report when I sent a mail from a similarly
> configured postfix server (which goes perfectly fine also from gmail)
>
> http://debian.pastebin.com/d6e44dfdd (temporary)
>
> Currently one of the companies imported order request systems is
> down. I would really appreciate any hints there are in figuring out what
> to do. I also am reluctant to disable tls security on my server, if
> mails will start working again I will get the fault even when the issue
> is on the other side, which I don't know for now.
>
> Thanks in advance,
>
> Jelle de Jong
>
Hi Wietse,

Would you be willing to have another look at the logs? I still have the
issue and I had to turn smtpd_tls_security_level to none, so the work
processes of my customer could go on, but I don't think this workaround
will be the solution.

I extracted the messages from the previously sent tarball to pastebin so I
hope the information is easier to access:

ssldump-smtpd-v-helmwijk-webish-fail.txt
http://debian.pastebin.com/m8ce090e

postconf-n-helmwijk.txt
http://debian.pastebin.com/m4bf47368

openssl-helmwijk-check.txt
http://debian.pastebin.com/m708bd459

smtp-helmwijk-gmail-ok-test.txt (debian pastebin did not work)
http://filebin.ca/mvtjq/smtp-helmwijk-gmail-ok-test.txt

Thanks in advance,

Best regards,

Jelle de Jong
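
The situation described in the quoted reply (an "SSL_accept error" logged with nothing following it from the OpenSSL error stack) can be picked out of a mail log mechanically. The script below is an added example, not part of the original message and not Postfix code; it assumes that tls_print_errors() output appears as "warning: TLS library problem: ..." lines from the same smtpd process, and the second failure in the sample log is constructed for contrast.

```python
import re

# Sample log: the first failure is the one quoted in this thread (no OpenSSL
# error stack entry); the second is constructed and does carry one.
SAMPLE_LOG = """\
Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from sepaip2.webish.nl[77.243.228.161]: -1
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname: sepaip2.webish.nl ~? 127.0.0.0/8
Jun 15 14:02:10 emily postfix/smtpd[23555]: SSL_accept error from client.example[192.0.2.10]: -1
Jun 15 14:02:10 emily postfix/smtpd[23555]: warning: TLS library problem: 23555:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT_ERR = re.compile(
    r"SSL_accept error from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<sts>-?\d+)")
# Assumed format of the lines written by tls_print_errors().
LIB_ERR = re.compile(r"TLS library problem: (?P<detail>.*)$")


def tls_accept_failures(log_text):
    """Return one record per SSL_accept failure, together with any OpenSSL
    error-stack lines the same smtpd process logged after it."""
    failures = []
    last_by_pid = {}  # pid -> most recent failure record for that process
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        err = ACCEPT_ERR.search(msg)
        if err:
            rec = {"pid": int(pid), "host": err["host"], "ip": err["ip"],
                   "status": int(err["sts"]), "openssl_errors": []}
            failures.append(rec)
            last_by_pid[pid] = rec
            continue
        lib = LIB_ERR.search(msg)
        if lib and pid in last_by_pid:
            last_by_pid[pid]["openssl_errors"].append(lib["detail"])
    return failures


if __name__ == "__main__":
    for f in tls_accept_failures(SAMPLE_LOG):
        hint = "; ".join(f["openssl_errors"]) or \
            "no OpenSSL error stack entry, look at client-side logs"
        print(f'{f["host"]}[{f["ip"]}] status={f["status"]}: {hint}')
```
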