Victor Duchovni:
> On Fri, Jul 22, 2011 at 09:32:29AM -0400, Wietse Venema wrote:
> 
> > > So what are those?
> > 
> > Postfix prints all information that is available on the OpenSSL
> > error stack. The absence of such logging suggests that the error
> > stack is empty (perhaps the client hung up), or that your grep(1)
> > command eliminated them.
> 
> These are typically just lost connections. A problem client in my
> logs shows:
> 
>       8 plaintext deliveries
>       6 plaintext DATA timeouts
>      24 TLS deliveries
>     109 TLS DATA timeouts
>       7 TLS SSL accept error: 0

I've cleaned up the Postfix TLS I/O error handling, and as a result
Postfix error messages are more informative. For example: 

    SSL accept error from host[addr]:port: lost connection
    SSL connect error to host[addr]:port: connection timed out

None of these changes affect existing functionality, they just make
the logging more understandable.

        Wietse

20110817

        Cleanup: to avoid misleading error messages, the tls_bio_ops(3)
        module now sets errno to zero after a TLS operation fails
        due to a non-system-call error. File: tls/tls_bio_ops.c.

        Cleanup: TLS handshake error reporting. The SMTP client and
        server now report STARTTLS network errors as "connection
        lost", "connection timed out" etc.  instead of error number
        0.  Files: tls/tls_bio_ops.c, tls/tls_server.c, tls/tls_client.c.

20110818

        Cleanup: normalization of vstream(3) error handling. For
        consistency with the plaintext read/write routines, the
        tls_stream(3) read/write routines now return -1 instead of
        random OpenSSL error values.  File: tls/tls_stream.c.

Reply via email to