On Thu, Nov 03, 2016 at 12:48:01PM +0100, Florian Piekert wrote:

> Good morning everybody,
> 
> I was wondering for quite some weeks now how to fix this issue with my
> postfix. I had a brief discussion with Ralf Hildebrandt and he suggested
> asking via the users lists, that's what I am doing now.
> 
> I have the situation that the PF currently doesn't seem to get proper
> information about the state of the SSL connection, as you can see below.

Find the process id of a still running "tlsproxy", then post the
output of (multiple commands, so post each command followed by its
output, without changing line breaks with a blank line or two above
each command block):

        # openssl version -a
        # (sleep 1; printf "quit\r\n") |
            openssl s_client -quiet -state -starttls smtp -connect localhost:25
        # (sleep 1; printf "quit\r\n") |
            openssl s_client -quiet -state -starttls smtp -connect smtp.gmail.com:587

        # postconf mail_version
        # ldd /usr/sbin/posttls-finger  # IIRC Ubuntu ships it

        # pid=8057                      # actual pid here
        # cat /proc/$pid/maps
        # ldd /proc/$pid/exe
        # grep "tlsproxy/\[$pid\]" /var/log/mail.log | tail

        [ These should work, but Ubuntu may have packaged Postfix in
          some way that makes it otherwise: ]

        # d=$(/var/tmp/postfix/sbin/postconf -xh meta_directory)
        # cat $d/makedefs.out

also report whether that proxy had already logged a similar message
by the time you found it.

> Any pointers what to check/where to look/what to fix are highly appreciated.

This has the feel of a shared library issue.  The Postfix configuration
is largely irrelevant here, but chroot may play a role in this.

-- 
        Viktor.
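
One way to read the `cat /proc/$pid/maps` output requested above, as an added example that is not part of the original message: it lists the distinct shared objects a process has mapped and flags libssl/libcrypto files the kernel marks "(deleted)". It assumes that a library replaced on disk underneath a still-running process is one form a shared library issue can take; the function names, sample maps lines and the tlsproxy path in them are constructed.

```shell
#!/bin/sh
# Added example (not from the original message). Sample data is constructed.

# mapped_libs: /proc/<pid>/maps text on stdin -> "<state> <path>" for each
# distinct shared object; state is "deleted" if the kernel tagged the mapping
# "(deleted)", i.e. the file was unlinked or replaced after it was mapped.
mapped_libs() {
    awk '$6 ~ /\.so(\.|$)/ {
             if (!($6 in st)) { order[++n] = $6; st[$6] = "current" }
             if ($NF == "(deleted)") st[$6] = "deleted"
         }
         END { for (i = 1; i <= n; i++) print st[order[i]], order[i] }'
}

# stale_tls_libs: same input -> paths of mapped libssl/libcrypto files that
# are no longer the files on disk. Empty output means none were found.
stale_tls_libs() {
    mapped_libs |
        awk '$1 == "deleted" && $2 ~ "/lib(ssl|crypto)[.]so" { print $2 }'
}

# Constructed sample standing in for `cat /proc/$pid/maps`.
sample_maps() {
    cat <<'EOF'
55d0c0a00000-55d0c0a20000 r-xp 00000000 08:01 1001 /usr/lib/postfix/sbin/tlsproxy
7f10a0000000-7f10a0060000 r-xp 00000000 08:01 2001 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f10a0060000-7f10a0260000 ---p 00060000 08:01 2001 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f10a0400000-7f10a0620000 r-xp 00000000 08:01 2002 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f10a0800000-7f10a09c0000 r-xp 00000000 08:01 2003 /lib/x86_64-linux-gnu/libc-2.23.so
7ffd3a000000-7ffd3a021000 rw-p 00000000 00:00 0 [stack]
EOF
}

# Summary of the constructed sample; for a live process use:
#   stale_tls_libs < "/proc/$pid/maps"
sample_maps | mapped_libs
```
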
