Hi list,

I am running two postfix on two servers. One acts as smtp tls client, the other one acts as smtpd tls server. I tried to send mails from smtp tls client to smtpd tls server.

-----------------------------------------------------------------------
IPs are:

smtp tls client: 1.1.1.1 (postfix version 2.3.8, OpenSSL 0.9.8c 05 Sep 2006)
smtpd tls server: 2.2.2.2 (postfix version 2.5.5, OpenSSL 0.9.8g 19 Oct 2007)

Configurations are:

(1) smtp tls client:

In main.cf:

default_transport = smtp-tls:[2.2.2.2]:465
smtpd_tls_CAfile =
smtp_tls_loglevel = 4

in master.cf:

smtp-tls unix - - - - - smtp
  -o smtp_tls_security_level=encrypt

log:

Nov 27 09:35:37 Anti-spam postfix/smtp[14999]: initializing the client-side TLS engine
Nov 27 09:35:37 Anti-spam postfix/tlsmgr[15000]: open smtp TLS cache btree:/var/spool/postfix/smtp_scache
Nov 27 09:35:37 Anti-spam postfix/tlsmgr[15000]: tlsmgr_cache_run_event: start TLS smtp session cache cleanup
Nov 27 09:40:37 Anti-spam postfix/smtp[14999]: 8DBA48981A5: to=<sos...@126.com>, relay=2.2.2.2[2.2.2.2]:465, delay=300, delays=0.1/0.13/300/0, dsn=4.4.2, status=deferred (conversation with 2.2.2.2[2.2.2.2] timed out while receiving the initial server greeting)

--------------------------------------------------------------------------------------------------
(2) smtpd tls server:

I set up smtpd tls server in this way:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 4'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

in master.cf:

smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=encryt

log:

Nov 27 09:51:45 debian postfix/smtpd[3511]: SSL_accept:before/accept initialization
Nov 27 09:51:45 debian postfix/smtpd[3511]: read from B8A34DD0 [B8A3E4F0] (11 bytes => -1 (0xFFFFFFFF))
Nov 27 09:56:45 debian postfix/smtpd[3511]: SSL_accept error from unknown[1.1.1.1]: -1
Nov 27 09:56:45 debian postfix/smtpd[3511]: lost connection after CONNECT from unknown[1.1.1.1]
Nov 27 09:56:45 debian postfix/smtpd[3511]: disconnect from unknown[1.1.1.1]
Nov 27 10:08:25 debian postfix/smtpd[3516]: initializing the server-side TLS engine
Nov 27 10:08:25 debian postfix/smtpd[3516]: connect from unknown[1.1.1.1]
Nov 27 10:08:25 debian postfix/smtpd[3516]: setting up TLS connection from unknown[1.1.1.1]
Nov 27 10:08:25 debian postfix/smtpd[3516]: unknown[1.1.1.1]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Nov 27 10:08:25 debian postfix/smtpd[3516]: SSL_accept:before/accept initialization
Nov 27 10:08:25 debian postfix/smtpd[3516]: read from B8122DD0 [B812C4F0] (11 bytes => -1 (0xFFFFFFFF))
Nov 27 10:13:25 debian postfix/smtpd[3516]: SSL_accept error from unknown[1.1.1.1]: -1
Nov 27 10:13:25 debian postfix/smtpd[3516]: lost connection after CONNECT from unknown[1.1.1.1]
Nov 27 10:13:25 debian postfix/smtpd[3516]: disconnect from unknown[1.1.1.1]
Nov 27 10:13:47 debian postfix/smtpd[3516]: connect from unknown[1.1.1.1]
Nov 27 10:13:47 debian postfix/smtpd[3516]: setting up TLS connection from unknown[1.1.1.1]
Nov 27 10:13:47 debian postfix/smtpd[3516]: unknown[1.1.1.1]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"

--------------------------------------------------------------------------------------------------
Made an SSL connection to 2.2.2.2 on 1.1.1.1:

Anti-spam:~# openssl s_client -connect 2.2.2.2:465
CONNECTED(00000003)
depth=0 /C=CN/ST=GD/L=DG/O=sosogh/OU=haha/CN=sosogh.com/emailaddress=s...@ssf.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CN/ST=GD/L=DG/O=sosogh/OU=haha/CN=sosogh.com/emailaddress=s...@ssf.com
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=GD/L=DG/O=sosogh/OU=haha/CN=sosogh.com/emailaddress=s...@ssf.com
   i:/C=CN/ST=GD/L=DG/O=sosogh/OU=haha/CN=sosogh.com/emailaddress=s...@ssf.com
---
Server certificate
subject=/C=CN/ST=GD/L=DG/O=sosogh/OU=haha/CN=sosogh.com/emailaddress=s...@ssf.com
issuer=/C=CN/ST=GD/L=DG/O=sosogh/OU=haha/CN=sosogh.com/emailaddress=s...@ssf.com
---
No client certificate CA names sent
---
SSL handshake has read 1185 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: CAC84F5DB45E42C97AE0602386278E9CC84570D59234BBCC283284A45BFD71CE
    Session-ID-ctx:
    Master-Key: FA7ECDCECBA5647635CC82FFDC4FDA0A0BC51B9B37D04F9A1CFA3EBFA1BFB7A6BC5567B9C25580DC80F94426B3C3241C
    Key-Arg : None
    Start Time: 1259292154
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 debian ESMTP Postfix (Debian/GNU)
helo t.com
250 debian
mail from:f...@fdf.com
250 2.1.0 Ok
rcpt to:sos...@126.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
fd
.
250 2.0.0 Ok: queued as 94F3C270348
quit
221 2.0.0 Bye
read:errno=0

--------------------------------------------------------------------------------------------------
What does "SSL_accept error from unknown[1.1.1.1]: -1" exactly mean?

I have googled it and found these, but they do not help:

http://old.nabble.com/SMTP-fails-with-SSL_accept-error-td20050613.html
http://www.irbs.net/internet/postfix/0410/1231.html

Any hints are appreciated.

Thank you
--------------
sosogh
2009-11-27