Viktor Dukhovni wrote
> Is the system that's logging the below sending or receiving email?

The errors below happened when the system sends mail. That system can also
receive mail without problem.

Here are the expanded log entries (the cipher text was omitted since it is
too long):

Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    connect from xxx.com[159.203.103.xxx]
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    setting up TLS connection from xxx.com[159.203.103.xxx]
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    xxx.com[159.203.103.xxx]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL_accept:before/accept initialization
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    read from 7F2FDBEEDDC0 [7F2FDBEFC710] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    read from 7F2FDBEEDDC0 [7F2FDBEFC710] (11 bytes => 11 (0xB))
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    0000 16 03 01 00 9a 01 00 00|96 03 01                 ........ ...
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    read from 7F2FDBEEDDC0 [7F2FDBEFC71E] (148 bytes => 148 (0x94))
(some cipher text)
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL_accept:SSLv3 read client hello A
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL_accept:SSLv3 write server hello A
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL_accept:SSLv3 write certificate A
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL_accept:SSLv3 write key exchange A
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL_accept:SSLv3 write server done A
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    write to 7F2FDBEEDDC0 [7F2FDBF0A0D0] (2208 bytes => 2208 (0x8A0))
(some cipher text)
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    089d - <SPACES/NULLS>
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL_accept:SSLv3 flush data
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    read from 7F2FDBEEDDC0 [7F2FDBEFC713] (5 bytes => 5 (0x5))
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    0000 15 03 01 00 02                                   .....
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    read from 7F2FDBEEDDC0 [7F2FDBEFC718] (2 bytes => 2 (0x2))
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    0000 02 30                                            .0
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL3 alert read:fatal:unknown CA
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL_accept:failed in SSLv3 read client certificate A
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    SSL_accept error from xxx.com[159.203.103.xxx]: 0
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    warning: TLS library problem: 6605:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1259:SSL alert number 48:
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    lost connection after STARTTLS from xxx.com[159.203.103.xxx]
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 
    disconnect from xxx.com[159.203.103.xxx]

Output of "postconf -n":
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = mail/
html_directory = no
inet_interfaces = all
inet_protocols = all
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = xxx.com
myhostname = mail.xxx.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = xxx.com
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

Output of "postconf -Mf":
smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
    -o smtpd_tls_security_level=encrypt
smtps      inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/submission -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
smtps      inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/smtps -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
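
Added example, not part of the original post: the two hex dumps logged just before "SSL3 alert read:fatal:unknown CA" are a plaintext TLS alert record (5-byte header, then a 2-byte body), and this Python code extracts such dumps from smtpd TLS debug lines and decodes them. The sample lines are reconstructed from the log above with each wrapped entry joined onto one line, and the function names are hypothetical.

```python
import re

# Constructed sample: three hex-dump entries from the log above, each wrapped
# entry joined onto one line (the first is the start of the ClientHello).
SAMPLE_LOG = """\
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 0000 16 03 01 00 9a 01 00 00|96 03 01                 ........ ...
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 0000 15 03 01 00 02                                   .....
Sep  4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]: 0000 02 30                                            .0
"""

ALERT_RECORD = 21  # TLS record content type for alerts
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Certificate-related subset of the TLS alert descriptions (RFC 5246, 7.2).
ALERT_DESCRIPTIONS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}
# Offset, then hex bytes separated by one space or "|", then the ASCII column.
HEX_DUMP = re.compile(
    r"postfix/smtpd\[\d+\]:\s+[0-9a-f]{4}\s+((?:[0-9a-f]{2}[ |])*[0-9a-f]{2})(?:\s|$)")


def hex_dumps(log_text):
    """Yield the bytes of each hex-dump line in a Postfix TLS debug log."""
    for line in log_text.splitlines():
        m = HEX_DUMP.search(line)
        if m:
            yield bytes.fromhex(m.group(1).replace("|", " "))


def decode_alerts(log_text):
    """Pair each 5-byte alert record header with the 2-byte body that follows."""
    dumps = list(hex_dumps(log_text))
    alerts = []
    for header, body in zip(dumps, dumps[1:]):
        if len(header) != 5 or header[0] != ALERT_RECORD:
            continue
        # An encrypted alert has a longer record; only plaintext ones decode.
        if int.from_bytes(header[3:5], "big") != 2 or len(body) != 2:
            continue
        alerts.append({
            "record_version": f"{header[1]}.{header[2]}",
            "level": ALERT_LEVELS.get(body[0], f"unknown({body[0]})"),
            "description": ALERT_DESCRIPTIONS.get(body[1], f"unknown({body[1]})"),
            "code": body[1],
        })
    return alerts


if __name__ == "__main__":
    for alert in decode_alerts(SAMPLE_LOG):
        print(alert)
```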


