On Thu, Nov 03, 2016 at 12:48:01PM +0100, Florian Piekert wrote:

> Good morning everybody,
>
> I was wondering for quite some weeks now how to fix this issue with my
> postfix. I had a brief discussion with Ralf Hildebrandt and he suggested
> asking via the users lists, that's what I am doing now.
>
> I have the situation that the PF currently doesn't seem to get proper
> information about the state of the SSL connection, as you can see below.

Find the process id of a still running "tlsproxy", then post the output
of (multiple commands, so post each command followed by its output,
without changing line breaks with a blank line or two above each
command block):

    # openssl version -a
    # (sleep 1; printf "quit\r\n") | openssl s_client -quiet -state -starttls smtp -connect localhost:25
    # (sleep 1; printf "quit\r\n") | openssl s_client -quiet -state -starttls smtp -connect smtp.gmail.com:587
    # postconf mail_version
    # ldd /usr/sbin/posttls-finger # IIRC Ubuntu ships it
    # pid=8057 # actual pid here
    # cat /proc/$pid/maps
    # ldd /proc/$pid/exe
    # grep "tlsproxy/\[$pid\]" /var/log/mail.log | tail

[ These should work, but Ubuntu may have packaged Postfix in some way
  that makes it otherwise: ]

    # d=$(/var/tmp/postfix/sbin/postconf -xh meta_directory)
    # cat $d/makedefs.out

also report whether that proxy had already logged a similar message by
the time you found it.

> Any pointers what to check/where to look/what to fix are highly appreciated.

This has the feel of a shared library issue. The Postfix configuration
is largely irrelevant here, but chroot may play a role in this.

--
Viktor.