Le 13/09/2013 22:29, Viktor Dukhovni a écrit :
On Fri, Sep 13, 2013 at 09:44:38PM +0200, Mathieu R. wrote:
Sep 13 21:31:34 effraie01 postfix/smtpd[12650]: SSL_accept error
from ng17.bullet.mail.bf1.yahoo.com
There is generally more information in the log than this when the
TLS handshake fails. DO NOT over-summarize the logs.
Sep 13 22:58:40 effraie01 postfix/smtpd[22230]: SSL_accept error from
ng4.bullet.mail.bf1.yahoo.com[98.139.164.99] lost connection
Sep 13 22:58:40 effraie01 postfix/smtpd[22230]: lost connection after
STARTTLS from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
Sep 13 22:58:40 effraie01 postfix/smtpd[22230]: disconnect from
ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
i can find anything more about this in my logs.
(ever from yahoo servers)
i can't figure out wher my mistake come from.
Record a full packet PCAP file containing a session from a Yahoo
host. Filter this capture file to contain full packets from exactly
one TCP session. Run that through wireshark, see where in the TLS
handshake the problem starts. Make the full capture available (post
a URL, ...).
Hum, i fully agree to do that, but i'm afraid i don't know how... i'm
starting googling about it, but i you want to tell me how, i'll be
thankfull.
here is my postconf -n : http://paste.debian.net/39693/
postfix version is : 2.9.6-2 (debian stable package)
can please somebody give me some help (i fear loosing some emails
from yahoo)
TLS to your domain looks good when I test. Your server certificate
is self-signed, but that's hardly unique to you.
The expiration date on the self-signed cert could arguably give
some systems indigestion, perhaps a 2-10 year lifetime is more
reasonable than 1000 years.
you are probably right... i'll change this.
--
Mathieu R.
