On Thu, Nov 03, 2016 at 12:48:01PM +0100, Florian Piekert wrote:
> Good morning everybody,
>
> I was wondering for quite some weeks now how to fix this issue with my
> postfix. I had a brief discussion with Ralf Hildebrandt and he suggested
> asking via the users lists, that's what I am doing now.
>
> I have the situation that the PF currently doesn't seem to get proper
> information about the state of the SSL connection, as you can see below.
Find the process id of a still running "tlsproxy", then post the
output of (multiple commands, so post each command followed by its
output, without changing line breaks with a blank line or two above
each command block):
    # openssl version -a
    # (sleep 1; printf "quit\r\n") |
        openssl s_client -quiet -state -starttls smtp -connect localhost:25
    # (sleep 1; printf "quit\r\n") |
        openssl s_client -quiet -state -starttls smtp -connect smtp.gmail.com:587
    # postconf mail_version
    # ldd /usr/sbin/posttls-finger # IIRC Ubuntu ships it
    # pid=8057 # actual pid here
    # cat /proc/$pid/maps
    # ldd /proc/$pid/exe
    # grep "tlsproxy/\[$pid\]" /var/log/mail.log | tail

    [ These should work, but Ubuntu may have packaged Postfix in
      some way that makes it otherwise: ]

    # d=$(/var/tmp/postfix/sbin/postconf -xh meta_directory)
    # cat $d/makedefs.out

Also report whether that proxy had already logged a similar message
by the time you found it.
> Any pointers what to check/where to look/what to fix are highly appreciated.
This has the feel of a shared library issue. The Postfix configuration
is largely irrelevant here, but chroot may play a role in this.
--
Viktor.
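
One way to read the /proc/$pid/maps output requested above, as an added example that is not part of the original message: it lists the libssl/libcrypto files mapped into a process and flags any marked "(deleted)", which the kernel shows when the file was replaced or removed on disk after the process mapped it. The function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /proc/<pid>/maps lines (not taken from the thread).
sample_maps() {
cat <<'EOF'
7f1c2a000000-7f1c2a05e000 r-xp 00000000 08:01 131201 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c2a25e000-7f1c2a262000 r--p 0005e000 08:01 131201 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c29c00000-7f1c29e1a000 r-xp 00000000 08:01 131377 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f1c29a00000-7f1c29bc0000 r-xp 00000000 08:01 131099 /lib/x86_64-linux-gnu/libc-2.23.so
EOF
}

# Read maps text on stdin and print one line per distinct mapped
# libssl/libcrypto file: "<path> <inode> <status>", where status is
# "deleted" (file no longer on disk under that name) or "ok".
tls_libs() {
    awk '$6 ~ /lib(ssl|crypto)[-0-9.]*\.so/ {
             status = ($NF == "(deleted)") ? "deleted" : "ok"
             key = $6 " " $5 " " status
             if (!(key in seen)) { seen[key] = 1; print key }
         }'
}

# Exit status 0 when no mapped TLS library is stale, non-zero otherwise.
tls_libs_consistent() {
    ! tls_libs | grep -q ' deleted$'
}

# Demonstration on the constructed sample. On a live system, feed the
# real file instead:  tls_libs < /proc/$pid/maps
sample_maps | tls_libs
```

A "deleted" entry means the running process still uses the old library image, so compare it with what `ldd /proc/$pid/exe` resolves on disk.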