On 14/04/2013 15:25, Viktor Dukhovni wrote:

On Sun, Apr 14, 2013 at 01:30:53PM +0000, Joan Moreau wrote:

[ You're using a mail client, whose plain-text response does not properly
"quote" material you're replying to. When posting to this list please
use a non-HTML client that gets the plain-text message right. ]

Ok, I tried 1 - to re-install openssl 1.0.1 then recompile postfix

Done right, this is sufficient. Your compiler settings must
be wrong. Post the exact command you use to create the
Postfix "makefiles".


make -f Makefile.init makefiles 'CCARGS=-DHAS_PCRE -DHAS_MYSQL -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -UHAS_LDAP -UHAS_IPV6 -DUSE_TLS -I/usr/include/mysql/ -I/usr/include/sasl ' 'AUXLIBS=-L/usr/lib/mysql/ -lmysqlclient -lssl -lcrypto -lz -lm -lpcre -lsasl2'




2 - to reboot on an old kernel
3 - to use postfix 2.9, 2.10 or 2.11-devel
4 - to move from SSL (465) to STARTTLS (25)
5 - put the ciphers req to "medium"

None of these matter, but I don't recall seeing a "postconf -n"

alias_maps = hash:/etc/aliases
biff = no
bounce_queue_lifetime = 6h
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
defer_transports =
delay_warning_time = 1h
disable_dns_lookups = no
disable_mime_output_conversion = no
dovecot_destination_recipient_limit = 1
header_checks = pcre:/etc/postfix/smtp_header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
maximal_queue_lifetime = 1d
message_size_limit = 204800000
mydestination = localhost, localhost.$mydomain
mydomain = grosjo.net
myhostname = grosjo.net
mynetworks = 127.0.0.0/8 204.93.196.46/32
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $virtual_mailbox_domains $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = no
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
slow_destination_concurrency_limit = 2
slow_destination_recipient_limit = 1
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
smtp_use_tls = no
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unauth_destination,reject_unauth_pipelining,reject_invalid_hostname,reject_rbl_client bl.spamcop.net,reject_rbl_client sbl-xbl.spamhaus.org,check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/ca-bundle.crt
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/postfix.crt
smtpd_tls_key_file = /etc/ssl/certs/postfix.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
strict_8bitmime = no
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1002
virtual_mailbox_base = /data/mail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 0
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 10001
virtual_transport = dovecot
virtual_uid_maps = static:10001



In all cases, I get to something similar to:

2013-04-14T15:26:27.625728+02:00 server postfix/smtpd[20218]: warning: TLS library problem: 20218:error:1411C146:SSL routines:tls1_prf:unsupported digest type:t1_enc.c:276:
2013-04-14T15:26:27.625738+02:00 server postfix/smtpd[20218]: warning: TLS library problem: 20218:error:140D308A:SSL routines:tls1_setup_key_block:cipher or hash unavailable:t1_enc.c:621:

Any clue?

Your libcrypto does not support the algorithms that libssl expects, report
the output of:

unset LD_LIBRARY_PATH
unset LD_PRELOAD
ldd $(postconf -h daemon_directory)/smtpd



# ldd $(postconf -h daemon_directory)/smtpd
linux-vdso.so.1 (0x00007fff15394000)
libmysqlclient.so.18 => /usr/lib/mysql/libmysqlclient.so.18 (0x00007f4b0d709000)
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f4b0d49f000)
libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f4b0d0b1000)
libz.so.1 => /lib/libz.so.1 (0x00007f4b0ce9a000)
libm.so.6 => /lib/libm.so.6 (0x00007f4b0cb9c000)
libpcre.so.1 => /lib/libpcre.so.1 (0x00007f4b0c95e000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f4b0c743000)
libdb-5.3.so => /usr/lib/libdb-5.3.so (0x00007f4b0c389000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00007f4b0c171000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00007f4b0bf5a000)
libc.so.6 => /lib/libc.so.6 (0x00007f4b0bbab000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f4b0b98e000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f4b0b78a000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f4b0b482000)
libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007f4b0b26d000)
/lib64/ld-linux-x86-64.so.2 (0x00007f4b0de67000)
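
The ldd check requested above can be scripted. The following is an added example, not part of the original thread or of Postfix: it reads ldd output and compares the directory and soname version that libssl and libcrypto resolve to. The names `check_tls_libs`, `page_ldd` and `constructed_ldd` are hypothetical, and the second sample is constructed.

```shell
#!/bin/sh
# Hypothetical helper: reads `ldd` output on stdin and compares where libssl
# and libcrypto resolve from. Exit status: 0 same directory and soname
# version, 1 mismatch or "not found", 2 one of the two is not listed.
check_tls_libs() {
    awk '
        # e.g. "libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x...)"
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            name = $1; sub(/\.so.*/, "", name)        # libssl or libcrypto
            ver = $1;  sub(/^[^.]*\.so\.?/, "", ver)  # soname version, 1.0.0
            if ($3 == "not") {                        # "=> not found"
                dir = "NOTFOUND"
            } else {
                n = split($3, part, "/")              # strip the file name
                dir = substr($3, 1, length($3) - length(part[n]) - 1)
            }
            where[name] = dir ":" ver
        }
        END {
            if (!("libssl" in where) || !("libcrypto" in where)) {
                print "MISSING"; exit 2
            }
            s = where["libssl"]; c = where["libcrypto"]
            ok = (s == c && s !~ /^NOTFOUND/)
            verdict = ok ? "OK" : "MISMATCH"
            print verdict " libssl=" s " libcrypto=" c
            exit (ok ? 0 : 1)
        }'
}

# The two TLS-related lines from the ldd output in the message above.
page_ldd() {
    printf '%s\n' \
        'libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f4b0d49f000)' \
        'libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f4b0d0b1000)'
}

# Constructed sample (not from the thread): the pair resolves from two places.
constructed_ldd() {
    printf '%s\n' \
        'libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x0)' \
        'libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x0)'
}

page_ldd | check_tls_libs
constructed_ldd | check_tls_libs || true
```

On a live host the input would come from `ldd $(postconf -h daemon_directory)/smtpd | check_tls_libs`. An OK result only shows that the path and soname agree; it does not compare the builds of the two files.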
