Viktor Dukhovni wrote:
> 
> On Thu, Apr 19, 2012 at 07:36:04AM -0700, fr47Tb wrote:
> 
>> Thank you for your response. I have included the debug file as best that I
>> know how below.
>> 
>> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 mail.test.com server ready
>> lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: LHLO mail.test.com
>> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-mail.test.com
>> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-8BITMIME
>> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-ENHANCEDSTATUSCODES
>> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-PIPELINING
>> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-SIZE
>> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-STARTTLS
>> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250 IGNOREQUOTA
>> lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: STARTTLS
>> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 Begin TLS negotiation now
>> lmtp[1638]: setting up TLS connection to 127.0.0.1[127.0.0.1]:24
>> lmtp[1638]: write to 080B5008 [080CD920] (111 bytes => 111 (0x6F))
>> lmtp[1638]: SSL_connect:SSLv2/v3 write client hello A
>> lmtp[1638]: read from 080B5008 [080D2E80] (7 bytes => 7 (0x7))
>> lmtp[1638]: 0000 34 35 34 20 34 2e 33                  454 4.3
>> lmtp[1638]: SSL_connect:error in SSLv2/v3 read server hello A
> 
> The server is busted, it attempts to renege on doing TLS after
> sending "220 Begin TLS negotiation now". Sending a plaintext "454
> ..." error in the middle of the SSL handshake is too late!
> 
> -- 
>       Viktor.
> 
> 

Viktor:

I see the issue now, much troubleshooting ahead. As a comparison I have an
lmtptest -t "" -p 24 localhost output which shows no collision. Note, however,
that a collision may be generated by multiple test sequences. Makes me think a
timing issue is involved. Also, using tcpdump, the message turns out to be
454 4.3.3 STARTTLS failure (never receiving initial client sequence properly).

S: 220 mail.test.com server ready
C: LHLO lmtptest
S: 250-mail.test.com
S: 250-8BITMIME
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-SIZE
S: 250-STARTTLS
S: 250 IGNOREQUOTA
C: STARTTLS
S: 220 Begin TLS negotiation now
starting TLS engine
setting up TLS connection
SSL_connect:before/connect initialization
write to 08077BF8 [08085F3B] (113 bytes => 113 (0x71))
0000 16 03 01 00 6c 01 00 00|68 03 01 4f 90 88 a5 18 
0010 6a 61 48 2a 48 91 e6 7b|12 f6 ea 64 11 eb 9c ef 
0020 88 ae 04 38 8a 79 6a 77|09 c9 90 00 00 3a 00 39 
0030 00 38 00 88 00 87 00 35|00 84 00 16 00 13 00 0a 
0040 00 33 00 32 00 9a 00 99|00 45 00 44 00 2f 00 96 
0050 00 41 00 05 00 04 00 15|00 12 00 09 00 14 00 11 
0060 00 08 00 06 00 03 00 ff|02 01 00 00 04 00 23    
0071 - <SPACES/NULS>

SSL_connect:SSLv3 write client hello A
read from 08077BF8 [0807D9EB] (5 bytes => 5 (0x5))
0000 16 03 01 00 35    
read from 08077BF8 [0807D9F0] (53 bytes => 53 (0x35))
0000 02 00 00 31 03 01 4f 90|88 a5 38 1a e9 95 75 7f 
0010 7b 28 4b 52 d0 fa 34 76|1e cf 64 76 9f b0 58 ec 
0020 15 0e 44 69 69 f8 00 00|39 01 00 09 ff 01 00 01 
0030 00 00 23    
0035 - <SPACES/NULS>

SSL_connect:SSLv3 read server hello A
read from 08077BF8 [0807D9EB] (5 bytes => 5 (0x5))
0000 16 03 01 03 d3    

Thank you for your time!
-- 
View this message in context: 
http://old.nabble.com/postfix-lmtp-ssl-failure-tp33705787p33717651.html
Sent from the Postfix mailing list archive at Nabble.com.
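
The two traces in this thread differ in the first bytes the client reads after "220 Begin TLS negotiation now". The following Python is an added example, not part of the original messages; its function names are hypothetical. It decodes a hex-dump line from either trace and reports whether the bytes are a TLS record header or a plaintext LMTP reply:

```python
import re

# TLS record content types (first byte of every TLS record).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def dump_line_to_bytes(line: str) -> bytes:
    """Extract the bytes from a debug line such as '0000 16 03 01 00 35'.

    Handles an optional syslog prefix, the '|' mid-line separator and a
    trailing ASCII column (which follows a run of spaces).
    """
    m = re.search(r"\b[0-9a-f]{4} ((?:[0-9a-f]{2}[ |]?)+)", line, re.I)
    if not m:
        raise ValueError("no hex dump found in line")
    return bytes.fromhex(m.group(1).replace("|", " "))

def classify_post_starttls(data: bytes) -> dict:
    """Classify the first bytes read after the 220 reply to STARTTLS."""
    # TLS record header: type(1) major(1) minor(1) length(2, big-endian).
    if len(data) >= 5 and data[0] in CONTENT_TYPES and data[1] == 3:
        return {"kind": "tls_record",
                "content_type": CONTENT_TYPES[data[0]],
                "version": (data[1], data[2]),
                "length": int.from_bytes(data[3:5], "big")}
    # Plaintext SMTP/LMTP reply: three ASCII digits, then ' ' or '-'.
    m = re.match(rb"([2-5]\d\d)[ -]", data)
    if m:
        return {"kind": "plaintext_reply", "code": int(m.group(1)),
                "text": data.decode("ascii", "replace").rstrip()}
    return {"kind": "unknown"}

# Dump lines copied from the two traces in this thread.
FAILING = "lmtp[1638]: 0000 34 35 34 20 34 2e 33                  454 4.3"
WORKING = "0000 16 03 01 00 35    "

if __name__ == "__main__":
    for label, line in (("postfix lmtp", FAILING), ("lmtptest", WORKING)):
        print(label, classify_post_starttls(dump_line_to_bytes(line)))
```
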
