W dniu 2015-03-20 o 20:45, Wietse Venema pisze: > Viktor Dukhovni: >> On Fri, Mar 20, 2015 at 04:36:09PM +0100, ?ukasz W?sikowski wrote: >> >>>> Please avoid pastebin in the future. There's a bug in your SSL >>>> library. It crashes in zlib's deflate() called via SSL_accept(). >>> >>> If not pastebin then what should I do? Attach logs to message or paste >>> it into the body? >> >> The body is fine for a relatively short stack trace. Trim it down >> to just the essentials. For larger chunks of data attachmets are >> also fine, but generally if you're sending a lot of data, you should >> probably be sending less. >> >>> You were right, it was zlib's fault, thank you! >> >> If you do find out exactly what the problem is, please post. I >> don't recall ever seeing the definitive explanation for the >> repeated problem reports over the years. > > I'd like to know, was this using > > - the FreeBSD base system OpenSSL library (/usr/include/openssl and > /usr/lib/libssl*) > > - the ports OpenSSL library (/usr/local/include/openssl and > /usr/local/lib/libssl*) > > - some other OpenSSL library? > > This is a non-trivial question, because Postfix may be compiled for > one of these, but it may use SASL/LDAP/etc. libraries that are > compiled for a different OpenSSL library. > > To find out you'd have to > > ldd -a /usr(/local)/libexec/postfix/smtpd > > This will produce a listing of all requirements. > > /usr/libexec/postfix/smtpd: > libpostfix-master.so => /usr/lib/postfix/3.0.0/libpostfix-master.so > (0x280c1000) > libpostfix-tls.so => /usr/lib/postfix/3.0.0/libpostfix-tls.so > (0x280cb000) > ... > /usr/lib/postfix/3.0.0/libpostfix-tls.so: > libssl.so.8 => /usr/local/lib/libssl.so.8 (0x28169000) > libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x281c1000) > libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x2833e000) > ... > > In other words I'm using the OpenSSL library from ports. > > The ldd output does not show all ".so" modules (for example, some > are linked in dynamically by libsasl) but it may reveal enough to > be useful.
Wietse, I was using openssl from ports (with ZLIB enabled) when those problems occured. I got rid of openssl from ports and now I'm using openssl from base system and it works ok. If you want output from ldd I can broke this jail again, that's not a problem, just say a word. -- best regards, Lukasz Wasikowski
