Wietse Venema wrote:
> Wietse Venema:
>> Jelle de Jong:
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: seed
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute value:
>>> YuvlIV0a1sMFU6JK6BcvsKr6WJm8YP7zsFNJz/XEv+w=
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: private/tlsmgr: wanted
>>> attribute: (list terminator)
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
>>> sepaip2.webish.nl[77.243.228.161]: -1
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname:
>>> sepaip2.webish.nl ~? 127.0.0.0/8
>> Code fragment:
>> sts = tls_bio_accept(vstream_fileno(props->stream), props->timeout,
>> TLScontext);
>> if (sts <= 0) {
>> msg_info("SSL_accept error from %s: %d", props->namaddr, sts);
>> tls_print_errors();
>> tls_free_context(TLScontext);
>> return (0);
>>
>> This means that the OpenSSL library error stack did not contain
>> any additional information about the problem.
>>
>> Maybe the client-side logging is more informative.
>
> Alternatively, it may help to turn on TLS_specific logging in
> Postfix itself. This may show why the TLS handshake isn't working.
> The explanation of what the logging means will have to come from
> someone who is more familiar with OpenSSL internals than me.
>
> Wietse
>
> smtpd_tls_loglevel (default: 0)
> Enable additional Postfix SMTP server logging of TLS activity. Each
> logging level also includes the information that is logged at a lower
> logging level.
>
> 0 Disable logging of TLS activity.
>
> 1 Log TLS handshake and certificate information.
>
> 2 Log levels during TLS negotiation.
>
> 3 Log hexadecimal and ASCII dump of TLS negotiation process.
>
> 4 Also log hexadecimal and ASCII dump of complete transmission
> after STARTTLS.
>
> Use "smtpd_tls_loglevel = 3" only in case of problems. Use of loglevel
> 4 is strongly discouraged.
>
> This feature is available in Postfix 2.2 and later.
