lejeczek via Postfix-users:
> I don't know what "exactly" with _ssl_ means for ceph - not 
> knowledgeable to comment on the source code and user manuals 
> do not go into those details or I failed to find such 
> detailed info.
> What I could find does not mention TLS at all. As far as 
> CEPH's configuration goes, from user perspective:
> -> $ ceph config set mgr mgr/alerts/smtp_ssl true
> -> $ ceph config set mgr mgr/alerts/smtp_port 465

The port 465 service is for the case that the client sends TLS HELLO first.

> -> $ ceph alerts send
> 
> Postfix's log:
> Sep 25 07:43:00 postfix/smtpd[1825935]: warning: run-time 
> library vs. compile-time header version mismatch: OpenSSL 
> 3.5.0 may not be compatible with OpenSSL 3.2.0
> Sep 25 07:43:00 postfix/smtpd[1825935]: connect from 
> unknown[10.1.1.61]
> Sep 25 07:43:00 postfix/smtpd[1825935]: improper command 
> pipelining after CONNECT from unknown[10.1.1.61]: 
> \026\003\001\002\000\001\000\001\374\003\003\237\251\001\377\312a\302\026\177x\271E\350\0238\005\016\334\324m\026w\0024\2472r;%\355^\206
>  

The client sends TLS HELLO first, but Postfix
is mis-configured.

In /etc/postfix/master.cf you need something like:

submissions     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submissions
  -o smtpd_forbid_unauth_pipelining=no
  -o smtpd_tls_wrappermode=yes
  -o ....

With older systems this service is called 'smtps'.

Edit the file, then do "postfix reload".

        Wietse
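
The log signature discussed above can be checked mechanically. The following is an added example, not part of the original message and not Postfix code: it decodes the octal-escaped data in an "improper command pipelining" line and reports whether the client opened with a TLS ClientHello, which points at a missing smtpd_tls_wrappermode service. The function names are hypothetical, and the \ooo escaping is assumed from the quoted log.

```python
import re

# Constructed sample: the log line quoted in the thread, joined onto one
# line and cut short after the first bytes of the ClientHello.
SAMPLE = (
    r"Sep 25 07:43:00 postfix/smtpd[1825935]: improper command pipelining "
    r"after CONNECT from unknown[10.1.1.61]: "
    r"\026\003\001\002\000\001\000\001\374\003\003\237\251\001\377\312a\302"
)

PIPELINING = re.compile(
    r"improper command pipelining after (\S+) from (\S+?)\[([^\]]+)\]: (.*)$"
)
OCTAL = re.compile(r"\\([0-3][0-7]{2})")


def unescape(text):
    """Turn \\ooo octal escapes (as seen in the quoted log) back into bytes."""
    out = bytearray()
    pos = 0
    for m in OCTAL.finditer(text):
        out += text[pos:m.start()].encode("latin-1", "replace")
        out.append(int(m.group(1), 8))
        pos = m.end()
    out += text[pos:].encode("latin-1", "replace")
    return bytes(out)


def classify(line):
    """Describe the client and whether its first bytes were a TLS ClientHello."""
    m = PIPELINING.search(line)
    if not m:
        return None
    state, _host, addr, payload = m.groups()
    data = unescape(payload)
    # TLS record header: type 0x16 (handshake), major version 0x03, then a
    # 2-byte length; the first handshake byte after the 5-byte header is
    # 0x01 for ClientHello.
    is_hello = (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
                and data[5] == 0x01)
    return {
        "client": addr,
        "after": state,
        "tls_client_hello": is_hello,
        "record_length": int.from_bytes(data[3:5], "big") if is_hello else None,
    }


if __name__ == "__main__":
    print(classify(SAMPLE))
```

A result with tls_client_hello set for connections "after CONNECT" means the client expects implicit TLS on that port while the smtpd service is answering in plaintext.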