Le 19 janv. 2012 à 00:12, Noel Jones <njo...@megan.vbhcs.org> a écrit :
> On 1/18/2012 4:53 PM, bsd wrote: >> >> Le 18 janv. 2012 à 23:44, Noel Jones a écrit : >> >>> On 1/18/2012 4:34 PM, bsd wrote: >>>> Hi, >>>> >>>> I am trying to debug a problem that we have with one of my client. >>>> The symptoms are a very high difficulty to connect to our server : >>>> >>>> >>>> Jan 18 18:15:55 newmail postfix/smtpd[83432]: connect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:15:55 newmail postfix/smtpd[83782]: connect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:15:55 newmail postfix/smtpd[83783]: connect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:15:55 newmail postfix/smtpd[83785]: connect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:15:55 newmail postfix/smtpd[83784]: connect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83784]: SSL_accept error from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0 >>>> Jan 18 18:20:54 newmail postfix/smtpd[83784]: lost connection after >>>> CONNECT from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83784]: disconnect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83785]: SSL_accept error from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0 >>>> Jan 18 18:20:54 newmail postfix/smtpd[83785]: lost connection after >>>> CONNECT from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83785]: disconnect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83782]: SSL_accept error from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0 >>>> Jan 18 18:20:54 newmail postfix/smtpd[83782]: lost connection after >>>> CONNECT from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83782]: disconnect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83783]: SSL_accept error from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0 >>>> Jan 18 18:20:54 newmail postfix/smtpd[83783]: lost connection after >>>> CONNECT from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83783]: disconnect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83432]: SSL_accept error from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85]: 0 >>>> Jan 18 18:20:54 newmail postfix/smtpd[83432]: lost connection after >>>> CONNECT from adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> Jan 18 18:20:54 newmail postfix/smtpd[83432]: disconnect from >>>> adsl-99-98-44-85.dsl.lsan03.sbcglobal.net[99.98.44.85] >>>> >>>> >>>> The client which is using Apple Mail seems to have persistent problem with >>>> his e-mail. >>>> >>>> I wanted to know what are the symptoms of "SSL_accept error" and "lost >>>> connection after CONNECT" ?? >>>> >>>> Should I inspect my configuration (which seems to work very well beside >>>> this) or is it coming from the net or the client side ? >>>> What would you advise me to further debug this ? >>> >>> 'lost connection after CONNECT' means the far end connected and then >>> disconnected. Maybe the client has a buggy TLS. You can >>> selectively turn off TLS for that client by setting: >>> >>> # main.cf >>> smtpd_discard_ehlo_keyword_address_maps = >>> cidr:/etc/postfix/smtpd_keyword_maps >>> >>> # smtpd_keyword_maps >>> 99.98.44.85 STARTTLS >>> >>> http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps >>> >>> >> >> If I turn off TLS for that specific client and he needs to authenticate >> through TLS (SMTPs) I am not sure this will solve my problem ? >> >> Or am I missing something ? > > > Sorry, I didn't understand this was a client that needed to AUTH. > > Perhaps it would help if you enable port 465 smtps with > tls_wrappermode and allow the client to connect there. This is the case tls_wrappermode is enabled in master.cf Auth works very well. My conf is working for 99% of my clients. Only one guy has problems, but this is the boss !! > > Maybe the client doesn't like your certificate for some reason? If > that's the problem they should get some sort of "untrusted" message. Can it simply lost connexion because of poor link quality ? What are the general reasons ? Thx > > > HTH. > > > -- Noel Jones
