Wietse Venema:
> Jelle de Jong:
> > Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: seed
> > Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute value:
> > YuvlIV0a1sMFU6JK6BcvsKr6WJm8YP7zsFNJz/XEv+w=
> > Jun 15 13:57:46 emily postfix/smtpd[23401]: private/tlsmgr: wanted
> > attribute: (list terminator)
> > Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
> > Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
> > sepaip2.webish.nl[77.243.228.161]: -1
> > Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname:
> > sepaip2.webish.nl ~? 127.0.0.0/8
>
> Code fragment:
>
>     sts = tls_bio_accept(vstream_fileno(props->stream), props->timeout,
>                          TLScontext);
>     if (sts <= 0) {
>         msg_info("SSL_accept error from %s: %d", props->namaddr, sts);
>         tls_print_errors();
>         tls_free_context(TLScontext);
>         return (0);
>
> This means that the OpenSSL library error stack did not contain
> any additional information about the problem.
>
> Maybe the client-side logging is more informative.

Alternatively, it may help to turn on TLS-specific logging in Postfix
itself. This may show why the TLS handshake isn't working. The
explanation of what the logging means will have to come from someone
who is more familiar with OpenSSL internals than me.

        Wietse

smtpd_tls_loglevel (default: 0)
       Enable additional Postfix SMTP server logging of TLS activity.
       Each logging level also includes the information that is logged
       at a lower logging level.

       0      Disable logging of TLS activity.

       1      Log TLS handshake and certificate information.

       2      Log levels during TLS negotiation.

       3      Log hexadecimal and ASCII dump of TLS negotiation process.

       4      Also log hexadecimal and ASCII dump of complete
              transmission after STARTTLS.

       Use "smtpd_tls_loglevel = 3" only in case of problems. Use of
       loglevel 4 is strongly discouraged.

       This feature is available in Postfix 2.2 and later.
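
The check described in the message above, as an added example that is not part of the original post or of Postfix: a small Python triage that finds each "SSL_accept error" line and reports whether the same smtpd process logged any OpenSSL error detail straight after it. The "TLS library problem" warning text, the second sample failure, and the host client.example are assumptions constructed for illustration; they do not appear in the thread.

```python
import re

# Constructed sample. The first failure mirrors the thread (no OpenSSL detail
# follows it); the second is made up to show a non-empty error stack.
SAMPLE_LOG = """\
Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from sepaip2.webish.nl[77.243.228.161]: -1
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname: sepaip2.webish.nl ~? 127.0.0.0/8
Jun 15 14:02:10 emily postfix/smtpd[23410]: SSL_accept error from client.example[192.0.2.10]: -1
Jun 15 14:02:10 emily postfix/smtpd[23410]: warning: TLS library problem: 23410:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT_ERR = re.compile(r"SSL_accept error from (?P<peer>\S+\[[^\]]+\]): (?P<sts>-?\d+)")
LIB_ERR = "TLS library problem: "  # assumed wording of tls_print_errors() output


def triage(log_text):
    """Return one dict per SSL_accept failure, with the OpenSSL errors that the
    same smtpd process logged immediately after it (possibly none)."""
    failures = []
    collecting = {}  # pid -> failure record still collecting error lines
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        hit = ACCEPT_ERR.search(msg)
        if hit:
            rec = {"pid": pid, "peer": hit.group("peer"),
                   "status": int(hit.group("sts")), "openssl_errors": []}
            failures.append(rec)
            collecting[pid] = rec
        elif LIB_ERR in msg and pid in collecting:
            collecting[pid]["openssl_errors"].append(msg.split(LIB_ERR, 1)[1])
        else:
            collecting.pop(pid, None)  # any other line ends the error run
    for rec in failures:
        # Empty stack: the server log alone cannot explain the failure.
        rec["needs_more_logging"] = not rec["openssl_errors"]
    return failures


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        hint = ("no OpenSSL detail: raise smtpd_tls_loglevel or check the client log"
                if f["needs_more_logging"] else "; ".join(f["openssl_errors"]))
        print(f["peer"], f["status"], hint)
```
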