Server-ul: FC 7, Postfix cu TLS setat (fara certificate) , SASL,
amavisd+Spamassassin.
de cand am setat TLS-ul pe server, nu mai primesc mailuri de la
logwatch, si nici un alt mail destinat root-ului:
[EMAIL PROTECTED] ~] sendmail test root
test content
.
da eroare in loguri asa:
Aug 23 22:27:37 mail sendmail[8198]: l7NJRQOV008198: from=test,
size=13, class=0, nrcpts=2,
msgid=<[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Aug 23 22:27:37 mail postfix/smtpd[8199]: initializing the server-side
TLS engine
Aug 23 22:27:37 mail postfix/smtpd[8199]: connect from
mail.westaco.com[127.0.0.1]
Aug 23 22:27:37 mail postfix/smtpd[8199]: setting up TLS connection
from mail.westaco.com[127.0.0.1]
Aug 23 22:27:37 mail postfix/smtpd[8199]: SSL_accept:before/accept
initialization
Aug 23 22:27:37 mail postfix/smtpd[8199]: read from 80276C90
[802803E0] (11 bytes => -1 (0xFFFFFFFF))
Aug 23 22:27:37 mail postfix/smtpd[8199]: SSL_accept:error in SSLv2/v3
read client hello A
Aug 23 22:27:37 mail postfix/smtpd[8199]: read from 80276C90
[802803E0] (11 bytes => 11 (0xB))
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0000 80 7c 01 03 01 00 63
00|00 00 10 .|....c. ...
Aug 23 22:27:37 mail postfix/smtpd[8199]: read from 80276C90
[802803EB] (115 bytes => -1 (0xFFFFFFFF))
Aug 23 22:27:37 mail postfix/smtpd[8199]: SSL_accept:error in SSLv2/v3
read client hello B
Aug 23 22:27:37 mail postfix/smtpd[8199]: read from 80276C90
[802803EB] (115 bytes => 115 (0x73))
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0000 00 00 39 00 00 38 00
00|35 00 00 16 00 00 13 00 ..9..8.. 5.......
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0010 00 0a 07 00 c0 00 00
33|00 00 32 00 00 2f 03 00 .......3 ..2../..
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0020 80 00 00 66 00 00 05
00|00 04 01 00 80 08 00 80 ...f.... ........
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0030 00 00 63 00 00 62 00
00|61 00 00 15 00 00 12 00 ..c..b.. a.......
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0040 00 09 06 00 40 00 00
65|00 00 64 00 00 60 00 00 [EMAIL PROTECTED] ..d..`..
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0050 14 00 00 11 00 00 08
00|00 06 04 00 80 00 00 03 ........ ........
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0060 02 00 80 c3 5b c3 ae
2d|02 41 5f 25 bd 4c ca d0 ....[..- .A_%.L..
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0070 a7 9f 21
..!
Aug 23 22:27:37 mail postfix/smtpd[8199]: write to 80276C90 [8028E5A8]
(7 bytes => 7 (0x7))
Aug 23 22:27:37 mail postfix/smtpd[8199]: 0000 15 03 01 00 02 02 28
......(
Aug 23 22:27:37 mail postfix/smtpd[8199]: SSL3 alert
write:fatal:handshake failure
Aug 23 22:27:37 mail postfix/smtpd[8199]: SSL_accept:error in SSLv3
read client hello B
Aug 23 22:27:37 mail postfix/smtpd[8199]: SSL_accept:error in SSLv3
read client hello B
Aug 23 22:27:37 mail postfix/smtpd[8199]: SSL_accept error from
mail.westaco.com[127.0.0.1]: -1
Aug 23 22:27:37 mail postfix/smtpd[8199]: warning: TLS library
problem: 8199:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
shared cipher:s3_srvr.c:972:
Aug 23 22:27:37 mail postfix/smtpd[8199]: lost connection after
STARTTLS from mail.westaco.com[127.0.0.1]
Aug 23 22:27:37 mail postfix/smtpd[8199]: disconnect from
mail.westaco.com[127.0.0.1]
Aug 23 22:27:37 mail sendmail[8198]: STARTTLS=client, error: connect
failed=0, SSL_error=5, errno=0, retry=-1
Aug 23 22:27:37 mail sendmail[8198]: ruleset=tls_server,
arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.
Aug 23 22:27:37 mail sendmail[8198]: l7NJRQOV008198: to=root,test,
ctladdr=test (500/500), delay=00:00:11, xdelay=00:00:00, mailer=relay,
pri=60013, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred:
403 4.7.0 TLS handshake.
si gata, mailul nu ajunge si pace
n-am reusit sa inteleg de ce, setarile TLS ale lu' postfix sunt asa:
#TLS
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file = none
smtpd_tls_loglevel = 3
#TLS
am cautat pe net, cu rezultate dezamagitoare si care nu ating problema
s-a lovit cineva de asa ceva ?
vreo sugestie ?
_______________________________________________
RLUG mailing list
RLUG@lists.lug.ro
http://lists.lug.ro/mailman/listinfo/rlug
