On 1/18/2012 4:53 PM, bsd wrote:
>
> On 18 Jan 2012 at 23:44, Noel Jones wrote:
>
>> On 1/18/2012 4:34 PM, bsd wrote:
>>> Hi,
>>>
>>> I am trying to debug a problem that we have with one of my clients.
>>> The symptoms are a very high difficulty to connect to our server:
>>>
>>>
>>> Jan 18 18:15:55 newmail postfix/smtpd[83432]: connect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:15:55 newmail postfix/smtpd[83782]: connect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:15:55 newmail postfix/smtpd[83783]: connect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:15:55 newmail postfix/smtpd[83785]: connect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:15:55 newmail postfix/smtpd[83784]: connect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83784]: SSL_accept error from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0
>>> Jan 18 18:20:54 newmail postfix/smtpd[83784]: lost connection after CONNECT
>>> from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83784]: disconnect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83785]: SSL_accept error from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0
>>> Jan 18 18:20:54 newmail postfix/smtpd[83785]: lost connection after CONNECT
>>> from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83785]: disconnect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83782]: SSL_accept error from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0
>>> Jan 18 18:20:54 newmail postfix/smtpd[83782]: lost connection after CONNECT
>>> from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83782]: disconnect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83783]: SSL_accept error from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0
>>> Jan 18 18:20:54 newmail postfix/smtpd[83783]: lost connection after CONNECT
>>> from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83783]: disconnect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83432]: SSL_accept error from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0
>>> Jan 18 18:20:54 newmail postfix/smtpd[83432]: lost connection after CONNECT
>>> from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>> Jan 18 18:20:54 newmail postfix/smtpd[83432]: disconnect from
>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
>>>
>>>
>>> The client which is using Apple Mail seems to have a persistent problem with
>>> his e-mail.
>>>
>>> I wanted to know what are the symptoms of "SSL_accept error" and "lost
>>> connection after CONNECT"??
>>>
>>> Should I inspect my configuration (which seems to work very well besides
>>> this) or is it coming from the net or the client side?
>>> What would you advise me to further debug this?
>>
>> 'lost connection after CONNECT' means the far end connected and then
>> disconnected. Maybe the client has a buggy TLS. You can
>> selectively turn off TLS for that client by setting:
>>
>> # main.cf
>> smtpd_discard_ehlo_keyword_address_maps =
>>   cidr:/etc/postfix/smtpd_keyword_maps
>>
>> # smtpd_keyword_maps
>> 99.98.44.85 STARTTLS
>>
>> http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
>>
>>
>
> If I turn off TLS for that specific client and he needs to authenticate
> through TLS (SMTPs) I am not sure this will solve my problem?
>
> Or am I missing something?

Sorry, I didn't understand this was a client that needed to AUTH.

Perhaps it would help if you enable port 465 smtps with tls_wrappermode and allow the client to connect there.

Maybe the client doesn't like your certificate for some reason? If that's the problem they should get some sort of "untrusted" message.

HTH.

--
Noel Jones
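
To tell a handshake that stalls from one that is rejected outright, it helps to measure how long each smtpd process waited between `connect from` and `SSL_accept error`. The following is an added example, not part of the original thread; the function name, the 60-second threshold and the year 2012 (syslog omits it, taken here from the message date) are assumptions.

```python
import re
from datetime import datetime

# Log lines from the post above, wrapped entries rejoined (two of the five PIDs).
SAMPLE_LOG = """\
Jan 18 18:15:55 newmail postfix/smtpd[83432]: connect from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
Jan 18 18:15:55 newmail postfix/smtpd[83782]: connect from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
Jan 18 18:20:54 newmail postfix/smtpd[83782]: SSL_accept error from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0
Jan 18 18:20:54 newmail postfix/smtpd[83782]: lost connection after CONNECT from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
Jan 18 18:20:54 newmail postfix/smtpd[83432]: SSL_accept error from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0
Jan 18 18:20:54 newmail postfix/smtpd[83432]: lost connection after CONNECT from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]")

def stalled_handshakes(log_text, year=2012, threshold=60):
    """Return (pid, ip, seconds, stage) for TLS handshakes that failed
    `threshold` or more seconds after the connect line of the same smtpd PID."""
    opened, pending, results = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog omits the year; `year` is an assumption supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        pid, msg = m["pid"], m["msg"]
        peer = PEER.search(msg)
        if msg.startswith("connect from") and peer:
            opened[pid] = (ts, peer["ip"])
        elif msg.startswith("SSL_accept error") and pid in opened:
            start, ip = opened.pop(pid)
            wait = int((ts - start).total_seconds())
            if wait >= threshold:
                pending[pid] = len(results)
                results.append([pid, ip, wait, "unknown"])
        elif msg.startswith("lost connection after ") and pid in pending:
            # Postfix names the SMTP stage reached; CONNECT means no command was seen
            results[pending.pop(pid)][3] = msg.split()[3]
    return [tuple(r) for r in results]
```

On the lines quoted in the thread every process reports 299 seconds at stage CONNECT, a figure worth comparing with the server's TLS timeout settings.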