Michael Grimm:
> Wietse Venema <wie...@porcupine.org> wrote
> 
> > Did you have NON-SMTP command events for the cases that had signal 11
> > errors? If so, can we have more complete logs for ONE such case?
> 
> No, I haven't. I can find those entries a lot, but not in conjunction
> with signal 11.  Sorry for the noise.
> 
> > What is the output from:
> > 
> > postconf smtputf8_enable
> 
> Today it is:
>       smtputf8_enable = no

This is in main.cf. When was this changed? 

The command that I emailed you would have changed the postscreen
setting in master.cf only, without affecting the smtputf8 setting
for email from "good" clients.

> Here are two examples with a comparable 'BARE NEWLINE' pattern
> reported in my first post that didn't crash postscreen:
>
> Apr 23 12:07:45 <mail.info> mail.lan postfix/postscreen[61983]: CONNECT from [1.2.3.4]:58878 to [10.2.2.1]:25
> Apr 23 12:07:45 <mail.info> mail.lan postfix/postscreen[61983]: PREGREET 159 after 0.03 from [1.2.3.4]:58878: \026\003\001\000\232\001\000\...
...
> Apr 23 12:09:49 <mail.info> mail.lan postfix/postscreen[4271]: CONNECT from [10.20.30.40]:48872 to [10.1.1.1]:25
> Apr 23 12:09:49 <mail.info> mail.lan postfix/postscreen[4271]: PREGREET 159 after 0 from [10.20.30.40]:48872: \026\003\001\000\232\001\000\...

I have good reasons to believe that 1.2.3.4 is fake information,
and that the eight crashing sessions that you mailed in a later
message are from different clients, and that none of those clients
appears in a non-crashing session above.

So at this point I don't think we have established that changing
smtputf8_enable stops the crashes.

Here is why I think that the eight non-crashing sessions are not
from the same client.

In all cases the PREGREET and BARE NEWLINE logging is because a
mis-configured SMTP client sends a TLS hello packet.

The PREGREET logging for those eight crashing sessions shows that
this client 1.2.3.4 was changing its TLS record version from 0x0303
(\003\003) to 0x0302 (\003\002) to 0x0301 (\003\001).

Mar 28 01:33:22 <mail.info> mail.lan postfix/postscreen[7179]: PREGREET 426 after 0 from [1.2.3.4]:33288: \026\003\003\001\245\001\000...
Mar 28 01:33:23 <mail.info> mail.lan postfix/postscreen[7186]: PREGREET 426 after 0 from [1.2.3.4]:33850: \026\003\003\001\245\001\000...
Mar 28 01:33:23 <mail.info> mail.lan postfix/postscreen[7187]: PREGREET 347 after 0 from [1.2.3.4]:34124: \026\003\003\001V\001\000...
Mar 28 01:33:23 <mail.info> mail.lan postfix/postscreen[7188]: PREGREET 333 after 0 from [1.2.3.4]:34386: \026\003\003\001H\001\000...
Mar 28 01:33:23 <mail.info> mail.lan postfix/postscreen[7189]: PREGREET 414 after 0.05 from [1.2.3.4]:34506: \026\003\003\001\231\001\000...
Mar 28 01:33:24 <mail.info> mail.lan postfix/postscreen[7190]: PREGREET 415 after 0 from [1.2.3.4]:34644: \026\003\002\001\232\001\000...
Mar 28 01:33:24 <mail.info> mail.lan postfix/postscreen[7191]: PREGREET 428 after 0.02 from [1.2.3.4]:34772: \026\003\001\001\247\001\000...
Mar 28 01:33:24 <mail.info> mail.lan postfix/postscreen[7192]: PREGREET 428 after 0 from [1.2.3.4]:34874: \026\003\001\001\247\001\000...
Mar 28 01:33:24 <mail.info> mail.lan postfix/postscreen[7193]: PREGREET 418 after 0 from [1.2.3.4]:34980: \026\003\001\001\235\001\000...
Mar 28 01:33:24 <mail.info> mail.lan postfix/postscreen[7194]: PREGREET 441 after 0 from [1.2.3.4]:35048: \026\003\001\001\264\001\000...

I find it hard to believe that one client changes its TLS implementation
within a two-second time interval (assuming the time stamps are real).

For comparison, this is from your non-crashing session. It has TLS
record version 0x0301 (\003\001) and a much shorter TLS hello packet
than any of the crashing sessions.

> Apr 23 12:07:45 <mail.info> mail.lan postfix/postscreen[61983]: PREGREET 159 after 0.03 from [1.2.3.4]:58878: \026\003\001\000\232\001\000\...

So that non-crashing session is from a different client than the
clients in the eight crashing sessions.

And this from the first message in this thread, with TLS record
version 0x0303 (\003\003), and a TLS hello packet similar to other
crashing sessions:

Apr 20 06:36:27 <mail.info> mail.lan postfix/postscreen[74803]: PREGREET 429 after 0 from [1.2.3.4]:49074: \026\003\003\001\250\001\000...

Again, a different client than the non-crashing session.

        Wietse
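
Added example, not part of the original message and not Postfix code: a Python sketch that decodes the escaped bytes in the PREGREET lines quoted above, reads the TLS record header (type 0x16, version, length), and checks whether the 5-byte header plus the record length equals the logged PREGREET byte count. The function names are hypothetical; the sample lines are copied from this message.

```python
import re

# postscreen PREGREET line: byte count, delay, client address, escaped data.
LINE_RE = re.compile(
    r"postscreen\[(?P<pid>\d+)\]: PREGREET (?P<size>\d+) after \S+ "
    r"from \[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<data>.*)$"
)
# One token of logged data: a \ooo octal escape or a literal character.
TOKEN_RE = re.compile(r"\\([0-7]{3})|(.)")

# Log lines taken from the message above (client address as it was posted).
PFX = "<mail.info> mail.lan postfix/postscreen"
SAMPLE = [
    "Mar 28 01:33:22 " + PFX + r"[7179]: PREGREET 426 after 0 from [1.2.3.4]:33288: \026\003\003\001\245\001\000...",
    "Mar 28 01:33:23 " + PFX + r"[7187]: PREGREET 347 after 0 from [1.2.3.4]:34124: \026\003\003\001V\001\000...",
    "Mar 28 01:33:24 " + PFX + r"[7190]: PREGREET 415 after 0 from [1.2.3.4]:34644: \026\003\002\001\232\001\000...",
    "Mar 28 01:33:24 " + PFX + r"[7191]: PREGREET 428 after 0.02 from [1.2.3.4]:34772: \026\003\001\001\247\001\000...",
    "Apr 23 12:07:45 " + PFX + r"[61983]: PREGREET 159 after 0.03 from [1.2.3.4]:58878: \026\003\001\000\232\001\000\...",
]

def decode_escaped(data: str) -> bytes:
    """Turn logged text (\\ooo escapes plus literal chars) back into bytes."""
    data = data.split("...")[0].rstrip("\\")  # drop the truncation marker
    out = bytearray()
    for octal, literal in TOKEN_RE.findall(data):
        out.append(int(octal, 8) if octal else ord(literal))
    return bytes(out)

def tls_record(line: str):
    """Return (version, record_len, pregreet_size), or None if not a TLS handshake."""
    m = LINE_RE.search(line)
    if not m:
        return None
    raw = decode_escaped(m["data"])
    if len(raw) < 5 or raw[0] != 0x16:  # 0x16 = TLS handshake record type
        return None
    version = f"0x{raw[1]:02x}{raw[2]:02x}"
    return version, int.from_bytes(raw[3:5], "big"), int(m["size"])

def summarize(lines):
    """Rows of (version, record_len, pregreet_size, header+record == size)."""
    recs = [r for r in map(tls_record, lines) if r]
    return [(v, n, size, n + 5 == size) for v, n, size in recs]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Grouping the rows by version and record length gives the same comparison made above by eye: the Mar 28 sessions carry hello records of 342 to 423 bytes across three record versions, while the Apr 23 session carries a 154-byte record.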
