Victor Duchovni:
> On Fri, Jul 22, 2011 at 09:32:29AM -0400, Wietse Venema wrote:
>
> > > So what are those?
> >
> > Postfix prints all information that is available on the OpenSSL
> > error stack. The absence of such logging suggests that the error
> > stack is empty (perhaps the client hung up), or that your grep(1)
> > command eliminated them.
>
> These are typically just lost connections. A problem client in my
> logs shows:
>
>       8 plaintext deliveries
>       6 plaintext DATA timeouts
>      24 TLS deliveries
>     109 TLS DATA timeouts
>       7 TLS SSL accept error: 0

I've cleaned up the Postfix TLS I/O error handling, and as a result
Postfix error messages are more informative. For example:

    SSL accept error from host[addr]:port: lost connection
    SSL connect error to host[addr]:port: connection timed out

None of these changes affect existing functionality, they just make
the logging more understandable.

    Wietse

20110817

    Cleanup: to avoid misleading error messages, the tls_bio_ops(3)
    module now sets errno to zero after a TLS operation fails
    due to a non-system-call error. File: tls/tls_bio_ops.c.

    Cleanup: TLS handshake error reporting. The SMTP client and
    server now report STARTTLS network errors as "connection
    lost", "connection timed out" etc. instead of error number 0.
    Files: tls/tls_bio_ops.c, tls/tls_server.c, tls/tls_client.c.

20110818

    Cleanup: normalization of vstream(3) error handling. For
    consistency with the plaintext read/write routines, the
    tls_stream(3) read/write routines now return -1 instead of
    random OpenSSL error values. File: tls/tls_stream.c.
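The stale-errno hazard behind the 20110817 entries, shown with a simulated TLS I/O layer. This is an added example, not Postfix code: `fake_tls_op`, `handshake_error`, `scenario` and the peer string are hypothetical, and mapping errno 0 to "lost connection" is an assumption based on the sample messages in the mail above.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed peer string in the host[addr]:port form shown in the mail. */
#define PEER "client.example[192.0.2.1]:41234"

/* Simulated TLS operation that always fails (hypothetical, no OpenSSL).
 * sys_errno != 0 models a failed system call. sys_errno == 0 models a
 * failure with no system-call error, e.g. the peer hung up; errno is then
 * reset only when clear_errno is set, which is the cleanup being shown. */
static int fake_tls_op(int sys_errno, int clear_errno)
{
    if (sys_errno != 0)
        errno = sys_errno;
    else if (clear_errno)
        errno = 0;
    return -1;
}

/* Build the log line from errno, which is all a caller that only
 * receives -1 has to go on. */
static const char *handshake_error(char *buf, size_t len)
{
    int saved = errno;          /* read before any call that may change it */
    const char *why = saved == 0 ? "lost connection"
                    : saved == ETIMEDOUT ? "connection timed out"
                    : strerror(saved);

    snprintf(buf, len, "SSL accept error from %s: %s", PEER, why);
    return buf;
}

/* One scenario: errno holds `stale` from earlier activity on the
 * process, then the TLS operation fails and the caller logs it. */
const char *scenario(char *buf, size_t len, int stale,
                     int sys_errno, int clear_errno)
{
    errno = stale;
    fake_tls_op(sys_errno, clear_errno);
    return handshake_error(buf, len);
}

int main(void)
{
    char buf[160];

    puts(scenario(buf, sizeof buf, ETIMEDOUT, 0, 0)); /* hang-up logged as timeout */
    puts(scenario(buf, sizeof buf, ETIMEDOUT, 0, 1)); /* hang-up logged correctly */
    puts(scenario(buf, sizeof buf, 0, ETIMEDOUT, 1)); /* real timeout preserved */
    return 0;
}
```

When triaging TLS failures from logs, the first case is the one to keep in mind: without the reset, the reason text can describe an unrelated earlier failure rather than the handshake.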