On Sat, Feb 15, 2014 at 10:10:25AM -0800, SW wrote:

> I have removed the -D flag and restarted Postfix. I will keep my eye on it
> and report back. 
> 
> I'm really hoping for an email to come from Ebay and/or Facebook as that
> always caused a signal 11. I'd like to see if removing zlib resolved that
> issue.
> 
> I really appreciate your help 

Since your domain is DNSSEC signed, please consider deploying DANE
TLSA records for your domain:

    _25._tcp.mail.bsdpanic.com. IN TLSA 3 1 1 83208CC707E0FD6793CD0FCFD8C3269739E79A7AEF552FDC2048143336D6D6C7

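You'll of course need to make sure that future key rollover is
implemented correctly.  First publish a TLSA RRset in DNS containing
two records, one for the current cert and one for the future cert.
Deploy the new key/cert only after the previous TLSA RRs have expired
(that is, once resolvers can no longer be caching the old RRset, which
does not match the new cert), and then publish a new TLSA RRset that
lists only the new (now current) cert.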

-- 
        Viktor.
#! /bin/sh

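# Write to stdout the DER-encoded data selected by the TLSA selector field.
# Arguments:
#   $1 - path to the PEM certificate
#   $4 - numeric selector: 0 = whole certificate, 1 = public key (SPKI)
#   $2, $3, $5 are ignored; the caller passes the same five arguments to
#   every stage.
# Returns: the status of the last openssl command, or 1 for an unknown
#   selector (reported on stderr with nothing written to stdout, so a bad
#   value cannot pass as empty input to the next stage).
extract() {
  case "$4" in
  0) openssl x509 -in "$1" -outform DER;;
  1) openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER;;
  *) echo "extract: unsupported selector: $4" 1>&2; return 1;;
  esac
}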
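# Apply the TLSA matching type to the data on stdin and write the binary
# result to stdout.
# Arguments:
#   $5 - numeric matching type: 0 = pass data through unchanged,
#        1 = SHA-256 digest, 2 = SHA-512 digest
#   $1-$4 are ignored; the caller passes the same five arguments to every
#   stage.
# Returns: the status of cat/openssl, or 1 for an unknown matching type
#   (reported on stderr with nothing written to stdout).
digest() {
  case "$5" in
  0) cat;;
  1) openssl dgst -sha256 -binary;;
  2) openssl dgst -sha512 -binary;;
  *) echo "digest: unsupported matching type: $5" 1>&2; return 1;;
  esac
}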
encode() {
  perl -e '
    ($cert, $hostport, $u, $s, $m) = @ARGV;
    ($host, $port) = split(":", $hostport); $port ||= 25;
    $/=undef;
    ($a=<STDIN>) =~ s/(.)/sprintf("%02X", ord($1))/egs;
    printf "_%d._tcp.%s. IN TLSA %d %d %d %s\n",
      $port, $host, $u, $s, $m, $a;
  ' "$@"
}

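# Print a message on stderr and abort with status 1.
error() { echo "$1" 1>&2; exit 1; }
usage() { error "Usage: $0 cert.pem host[:port] usage selector mtype"; }
if [ $# -ne 5 ]; then usage; fi

# Each field may be given as a number or a name (case-insensitive) and is
# reduced to its numeric TLSA value.  The arguments are quoted and passed
# through printf so that whitespace or glob characters in them cannot be
# expanded by the shell before the comparison.

# Certificate usage field.
case "$(printf '%s\n' "$3" | tr '[A-Z]' '[a-z]')" in
0|pkix-[ct]a)   usage=0;;
1|pkix-ee)      usage=1;;
2|dane-[ct]a)   usage=2;;
3|dane-ee)      usage=3;;
*)              error "Invalid certificate usage: $3";;
esac

# Selector field: whole certificate or public key only.
case "$(printf '%s\n' "$4" | tr '[A-Z]' '[a-z]')" in
0|cert)         selector=0;;
1|spki|pkey)    selector=1;;
*)              error "Invalid selector: $4";;
esac

# Matching type field: raw data or a SHA-2 digest of it.
case "$(printf '%s\n' "$5" | tr '[A-Z]' '[a-z]')" in
0|full)                         mtype=0;;
1|sha2-256|sha256|sha-256)      mtype=1;;
2|sha2-512|sha512|sha-512)      mtype=2;;
*)                              error "Invalid matching type: $5";;
esac

set -- "$1" "$2" "$usage" "$selector" "$mtype"

# Run the stages one at a time instead of as a single pipeline.  In a
# pipeline only the last stage's status is visible, so an unreadable or
# malformed certificate would still end in a well-formed TLSA record
# computed over empty input; publishing such a record would make DANE
# validation of the server fail.  Each stage is checked and empty output
# is rejected before anything is printed.
workdir=$(mktemp -d) || error "Cannot create temporary directory"
trap 'rm -rf -- "$workdir"' EXIT
trap 'exit 1' HUP INT TERM

extract "$@" >"$workdir/selected" ||
  error "Cannot extract selector $4 data from certificate: $1"
[ -s "$workdir/selected" ] || error "No data extracted from certificate: $1"

digest "$@" <"$workdir/selected" >"$workdir/assoc" ||
  error "Cannot apply matching type $5 to certificate: $1"
[ -s "$workdir/assoc" ] ||
  error "Empty certificate association data for: $1"

encode "$@" <"$workdir/assoc"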
