Wietse Venema wrote:
> Wietse Venema:
>> Jelle de Jong:
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: seed
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute value:
>>> YuvlIV0a1sMFU6JK6BcvsKr6WJm8YP7zsFNJz/XEv+w=
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: private/tlsmgr: wanted
>>> attribute: (list terminator)
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: (end)
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
>>> sepaip2.webish.nl[77.243.228.161]: -1
>>> Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname:
>>> sepaip2.webish.nl ~? 127.0.0.0/8
>> Code fragment:
>>     sts = tls_bio_accept(vstream_fileno(props->stream), props->timeout,
>>                          TLScontext);
>>     if (sts <= 0) {
>>         msg_info("SSL_accept error from %s: %d", props->namaddr, sts);
>>         tls_print_errors();
>>         tls_free_context(TLScontext);
>>         return (0);
>>
>> This means that the OpenSSL library error stack did not contain
>> any additional information about the problem.
>>
>> Maybe the client-side logging is more informative.
>
> Alternatively, it may help to turn on TLS_specific logging in
> Postfix itself. This may show why the TLS handshake isn't working.
> The explanation of what the logging means will have to come from
> someone who is more familiar with OpenSSL internals than me.
>
> Wietse
>
> smtpd_tls_loglevel (default: 0)
>     Enable additional Postfix SMTP server logging of TLS activity. Each
>     logging level also includes the information that is logged at a lower
>     logging level.
>
>     0 Disable logging of TLS activity.
>
>     1 Log TLS handshake and certificate information.
>
>     2 Log levels during TLS negotiation.
>
>     3 Log hexadecimal and ASCII dump of TLS negotiation process.
>
>     4 Also log hexadecimal and ASCII dump of complete transmission
>       after STARTTLS.
>
>     Use "smtpd_tls_loglevel = 3" only in case of problems. Use of loglevel
>     4 is strongly discouraged.
>
>     This feature is available in Postfix 2.2 and later.

Thank you for the information. I set the log level to 3 and generated new logs; I have attached them.

I still have no idea what is going wrong, whose fault it is, and what to do about it.

I also added an smtpd debug report from when I sent a mail from a similarly configured Postfix server (which goes perfectly fine, also from Gmail).

http://debian.pastebin.com/d6e44dfdd (temporary)

Currently one of the companies imported order request systems is down. I would really appreciate any hints there are in figuring out what to do.

I also am reluctant to disable TLS security on my server; if mails will start working again I will get the fault even when the issue is on the other side, which I don't know for now.

Thanks in advance,

Jelle de Jong

ssldump-smtpd-v-helmwijk-webish-fail.tar.gz
Description: application/gzip
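
A log-triage sketch for the situation discussed in this thread, added here as an example (it is not code from Postfix or from either poster): it pairs each `SSL_accept error` line with any OpenSSL error-stack lines logged by the same smtpd process and returns the failures that have none, which are the cases where raising `smtpd_tls_loglevel` is the next step. The `warning: TLS library problem:` prefix for error-stack lines and the second client are assumptions; the sample log is constructed, with its first two lines following the format quoted above.

```python
import re

# Constructed sample. Lines 1-2 follow the log quoted in the thread; lines 3-4
# (client.example.net and the error-stack placeholder) are invented for contrast.
SAMPLE_LOG = """\
Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from sepaip2.webish.nl[77.243.228.161]: -1
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname: sepaip2.webish.nl ~? 127.0.0.0/8
Jun 15 14:02:10 emily postfix/smtpd[23510]: SSL_accept error from client.example.net[192.0.2.10]: -1
Jun 15 14:02:10 emily postfix/smtpd[23510]: warning: TLS library problem: 23510:error:PLACEHOLDER:lib:func:reason:file.c:0:
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT = re.compile(
    r"SSL_accept error from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<sts>-?\d+)$"
)
# Assumed prefix of the lines written when the OpenSSL error stack is not empty.
TLS_DETAIL = "warning: TLS library problem: "


def triage(log_text):
    """Return one record per SSL_accept failure, with any error-stack lines attached."""
    failures = []
    latest = {}  # pid -> most recent failure logged by that smtpd process
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        hit = ACCEPT.match(msg)
        if hit:
            rec = {"pid": pid, "host": hit["host"], "ip": hit["ip"],
                   "status": int(hit["sts"]), "details": []}
            failures.append(rec)
            latest[pid] = rec
        elif msg.startswith(TLS_DETAIL) and pid in latest:
            # Error-stack output follows the failure line from the same process.
            latest[pid]["details"].append(msg[len(TLS_DETAIL):])
    return failures


def silent_failures(log_text):
    """Failures where OpenSSL reported nothing further: candidates for more logging."""
    return [f for f in triage(log_text) if not f["details"]]


if __name__ == "__main__":
    for f in silent_failures(SAMPLE_LOG):
        print(f"{f['host']}[{f['ip']}] status={f['status']}: no OpenSSL detail logged")
```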