Victor Duchovni:
> On Wed, Mar 10, 2010 at 08:23:00AM -0500, Wietse Venema wrote:
>
> > > Mar 10 04:59:46 xxxxxxx postfix/smtpd[93352]: <
> > > xxxxxx.my_domain.com[192.168.1.101]: QUIT
> > > Mar 10 04:59:46 xxxxxxx postfix/smtpd[93352]: >
> > > xxxxxx.my_domain.com[192.168.1.101]: 221 2.0.0 Bye
> > > Mar 10 04:59:46 xxxxxxx postfix/smtpd[93352]: warning:
> > > network_biopair_interop: error reading 5 bytes from the network:
> > > Connection reset by peer
> >
> > The client sends QUIT and disconnects. It's not going to wait for
> > the server's "220 Bye" response. If the server were to report an
> > error, there is nothing the client could do anyway.
>
> With TLS sessions, after "QUIT" processing, the server tries to perform
> a clean SSL_shutdown() of the SSL/TLS session. If the client closes
> the connection without performing the SSL_shutdown(), you'll see the
> above warning. From the SSL_shutdown(3) manpage:
>
> NOTES
> SSL_shutdown() tries to send the "close notify" shutdown
> alert to the peer. Whether the operation succeeds or not, the
> SSL_SENT_SHUTDOWN flag is set and a currently open session is
> considered closed and good and will be kept in the session cache
> for further reuse.
>
> The shutdown procedure consists of 2 steps: the sending of the
> "close notify" shutdown alert and the reception of the peer's
> "close notify" shutdown alert. According to the TLS standard, it
> is acceptable for an application to only send its shutdown alert
> and then close the underlying connection without waiting for the
> peer's response (this way resources can be saved, as the process
> can already terminate or serve another connection). When the
> underlying connection shall be used for more communications,
> the complete shutdown procedure (bidirectional "close notify"
> alerts) must be performed, so that the peers stay synchronized.
>
> Another option (given that Postfix does not have a "STOPTLS" feature that
> would allow re-use of the physical connection for further I/O after SSL
> shutdown)
The Postfix SMTP client does properly shutdown the connnection.
smtp_session_free() calls tls_client_stop().
tls_client_stop() is an alias for tls_session_stop().
tls_session_stop() calls tls_bio_shutdown().
tls_bio_shutdown() is an alias that calls SSL_shutdown().
Sending application-level data after turning off TLS is definitely
a no-no.
That leaves us with redundant error handling in Postfix: logging
a warning with errno, and then passing the error up-stream where
we know that the error is harmless. The fix is not to log that
condition by default.
> is for Postfix to not do a full (bi-directional) SSL_shutdown(),
> and just send the "close notify" without waiting for a peer response.
Wietse
