On Jul 12, 2009, at 1:07 PM, Wietse Venema wrote:

Scott Haneda:
Thanks for the estimation.  Comparing a working transaction with one
that does not work shows no difference.  The one part I need even
more debug log data, only states "start tls" and then "failure".  I
somehow need to get to the data that happens between those two log
lines.

OpenSSL does not like what the proxy sends. To find out where the
proxy errs, you will need to go beyond logfiles, and look at the
data that is actually sent over the wire.

As Tsutomu once said, tcpdump is your friend (*).

Where is the best place to run tcpdump from, the proxy machine, or the postfix machine? Could you suggest a tcpdump command that would help me with this? I imagine, as long as tcpdump is instructed to send out something that is human readable, I can compare a packet dump of a working case, and a failing case, and look for the differences.

For example one mistake is to send STARTTLS in a network packet
that also contains the first portion of the TLS handshake. The
proxy should send STARTTLS, wait for a positive server reply, and
then it should send the TLS handshake.

Thanks. Can you make any estimations as to why some sending servers have no issue, and others fail?

If you can't figure out what OpenSSL does not like about what the
proxy sends, then you will have to find someone to do it for you.
I won't.

Thanks for your help, I will not continue this thread since I now know that it has nothing to do with postfix. I will look to debug the proxy.

--
Scott * If you contact me off list replace talklists@ with scott@ *
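
The ordering rule Wietse describes above (send STARTTLS, wait for the server's positive reply, then send the TLS handshake) can be checked against the segments seen in a packet capture. This is an added example, not part of the original thread or of Postfix; the segment-list format, the function names and the sample sessions are constructed for illustration, and it assumes each SMTP reply arrives in a single TCP segment.

```python
# Check an SMTP session, given as ordered TCP payloads, for the STARTTLS
# ordering mistake: TLS data sent before the server's reply to STARTTLS.
# Input format (an assumption of this example): list of (direction, payload),
# direction "C" for proxy/client -> server, "S" for server -> client.

def is_tls_handshake(data: bytes) -> bool:
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03

def check_starttls_order(segments):
    """Return a list of (segment_index, finding); empty means correct order."""
    findings = []
    state = "smtp"            # smtp -> waiting (STARTTLS sent) -> tls (220 seen)
    cmd = b"STARTTLS\r\n"
    for n, (direction, payload) in enumerate(segments):
        if direction == "C" and state == "smtp":
            upper = payload.upper()
            idx = upper.find(cmd)
            # The command must start a line, not merely appear inside one.
            if idx != -1 and (idx == 0 or upper[idx - 1:idx] == b"\n"):
                state = "waiting"
                rest = payload[idx + len(cmd):]
                if rest:      # bytes packed into the same segment as STARTTLS
                    kind = "tls" if is_tls_handshake(rest) else "other"
                    findings.append((n, "same-segment-" + kind))
        elif direction == "C" and state == "waiting":
            # Client spoke again before the server answered STARTTLS.
            findings.append((n, "early-data"))
        elif direction == "S" and state == "waiting":
            if payload.startswith(b"220"):
                state = "tls"     # positive reply: handshake may begin now
            else:
                findings.append((n, "starttls-refused"))
                state = "smtp"
    return findings

# Constructed sample data (hostnames and the truncated TLS record are made up).
HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
GOOD = [
    ("S", b"220 mx.example.test ESMTP\r\n"),
    ("C", b"EHLO proxy.example.test\r\n"),
    ("S", b"250-mx.example.test\r\n250 STARTTLS\r\n"),
    ("C", b"STARTTLS\r\n"),
    ("S", b"220 2.0.0 Ready to start TLS\r\n"),
    ("C", HELLO),
]
READY = GOOD[4]
BAD_SAME_SEGMENT = GOOD[:3] + [("C", b"STARTTLS\r\n" + HELLO), READY]
BAD_EARLY_DATA = GOOD[:4] + [("C", HELLO), READY]
```

Running the same check over a working and a failing session shows at which segment the failing one departs from the expected order.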
