Hi guys.

My system specs:
Gentoo Linux
Postfix 2.5.5

I have the problem below:

When using TLS, Postfix sometimes (most of the time) disconnects the client just after it issues the RCPT command.

When I try to re-send the test email just after the error or when not using TLS the problem doesn't happen at all and the mail sends successfully.

I'm sure it's not MTU related because all of the path between my mail server and the client is Ethernet using the same MTU of 1500.

I guess it's TLS session related or something related to race conditions.

I'm using PostgreSQL and LDAP lookup tables to do user mailbox lookup and various other things, and Dovecot SASL for authentication.

My 'postconf -n' output:

debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin;
        (strace -s 1000 -p $process_id 2>&1 | logger -p mail.debug) & sleep 5
2bounce_notice_recipient = [EMAIL PROTECTED]
bounce_notice_recipient = [EMAIL PROTECTED]
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 4h
error_notice_recipient = [EMAIL PROTECTED]
local_recipient_maps = $virtual_mailbox_maps proxy:unix:passwd.byname $alias_maps
mailbox_size_limit = 104857600
message_size_limit = 20480000
milter_default_action = accept
myhostname = test.test.bg
mynetworks = 127.0.0.0/8
notify_classes = bounce, resource
recipient_delimiter = +
smtp_helo_name = test.test.bg
smtpd_banner = test.bg Test ESMTP Server
smtpd_client_restrictions = permit_mynetworks,    permit_sasl_authenticated    check_client_access pgsql:/etc/postfix/pgsql-accesspolicy-client.cf,    reject_rbl_client zen.spamhaus.org
smtpd_data_restrictions = sleep 1,    permit_mynetworks,    permit_sasl_authenticated,    reject_multi_recipient_bounce,    reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,    permit_sasl_authenticated    check_client_access pgsql:/etc/postfix/pgsql-accesspolicy-helo-client.cf,    check_helo_access pgsql:/etc/postfix/pgsql-accesspolicy-helo.cf,    check_helo_mx_access pgsql:/etc/postfix/pgsql-accesspolicy-helo-mx.cf,    reject_invalid_helo_hostname,    reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks,    permit_sasl_authenticated,    reject_unauth_destination,    reject_unknown_recipient_domain,    check_policy_service inet:127.0.0.1:2501
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-sendermaps.cf
smtpd_sender_restrictions = permit_mynetworks,    reject_sender_login_mismatch,    permit_sasl_authenticated,    check_sender_access pgsql:/etc/postfix/pgsql-senderpolicy.cf,    reject_non_fqdn_sender,    reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/pem/ICH_SSL_CA_chain.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/pem/mail.test.bg.crt
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/ssl/pem/mail.test.bg.pem
smtpd_tls_loglevel = 2
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
tls_random_source = dev:/dev/urandom
virtual_alias_maps = pgsql:/etc/postfix/pgsql-aliases.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /
virtual_mailbox_domains = test.bg
virtual_mailbox_limit = 104857600
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-mbox.cf, ldap:/etc/postfix/ldap-mbox.cf
virtual_minimum_uid = 1000
virtual_uid_maps = static:1001

Below are the links to my mail log files and tcpdump network captures with and without TLS, with debug info using strace and 'smtpd -v -D':

Postfix Log without TLS
TCP network capture without TLS
Postfix Log with TLS and mail retry
TCP network capture with TLS and mail retry
OpenSSL s_client test
