Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Alexander Vasarab
On 11/05/20 23:35 -0400, Viktor Dukhovni wrote: Attaching it is fine, if you're willing to disclose the IP addresses and hostnames of the two servers. Okay, I've attached two files; the PCAP and the postfix log. To clarify my earlier email, the unencrypted session scenario only arises when I r

Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Viktor Dukhovni
On May 11, 2020, at 11:19 PM, Alexander Vasarab wrote: > I've captured the relevant conversation. In doing so, it became clear to > me that when the message succeeds after immediately trying again, it > does so because the subsequent connection does not try to use TLS. So > the pattern is: attem

Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Alexander Vasarab
The real problem is that the connection was terminated mid-transaction. The "shutdown while in init" is I think a distraction, Postfix was cleaning up the TLS session, when it was not yet, or is no longer in a state that is valid for calling SSL_shutdown(). If you manage to collect a PCAP captur

Re: logrotate script for Postfix

2020-05-11 Thread sashk
%M - minute, %m - month. You have a typo, should be: maillog_file_rotate_suffix = %Y%m%d-%H%M%S 09.05.2020, 11:32, "Larry Stone" : On May 9, 2020, at 9:45 AM, Wietse Venema wrote: If the log is written by Postfix you must use "postfix logrotate". This ensures that Postfix stops

Re: Postfix "IPv6-only" - experience/recommendation question

2020-05-11 Thread Curtis Villamizar
In message "michae...@rocketmail.com" writes: > THANKS to all who answered!!! > > A lot of shared experience, learned a lot, cool. It's always very > interesting how threads are meandering, somehow, adding new aspects to > unasked but also relevant questions. Crowd at its best :-) Summarize

Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Wietse Venema
Viktor Dukhovni: > On Mon, May 11, 2020 at 03:52:27PM -0400, Wietse Venema wrote: > > > Viktor Dukhovni: > > > > > That said, it is perhaps possible that Postfix is calling SSL_shutdown() on > > > a connection that never progressed enough to complete the handshake. > > > I'll check what preconditions

Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Viktor Dukhovni
On Mon, May 11, 2020 at 12:51:55PM -0700, Alexander Vasarab wrote: > May 11 12:20:56 vasaconsulting postfix/smtpd[28652]: connect from scrubbed>[] > May 11 12:20:56 vasaconsulting postfix/tlsmgr[8390]: put smtpd session > id=AB4F6D34D354C888E50413E7DFADA37D900F7FD03D2A57145F8C9EBCD4F85CD5&s=subm

Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Viktor Dukhovni
On Mon, May 11, 2020 at 03:52:27PM -0400, Wietse Venema wrote: > Viktor Dukhovni: > > > That said, it is perhaps possible that Postfix is calling SSL_shutdown() on > > a connection that never progressed enough to complete the handshake. > > I'll check what preconditions are needed for OpenSSL to allo

Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Wietse Venema
Viktor Dukhovni: > On Mon, May 11, 2020 at 11:43:41AM -0700, Alexander Vasarab wrote: > > > I recently upgraded postfix and OpenSSL to 3.4.10 and 1.1.1d, > > respectively. These versions align with Debian GNU/Linux 10 (buster). > > Since the upgrade I've begun receiving regular log entries that lo

Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Alexander Vasarab
The remote peer sent a TLS shutdown message during the TLS handshake. There is no way to 'continue' the handshake. Maybe the remote peer times out - you could find out by looking at the TIME STAMPS in your logs. Causes for timeout: your server is slow, or your network has packet loss. The times

Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Viktor Dukhovni
On Mon, May 11, 2020 at 11:43:41AM -0700, Alexander Vasarab wrote: > I recently upgraded postfix and OpenSSL to 3.4.10 and 1.1.1d, > respectively. These versions align with Debian GNU/Linux 10 (buster). > Since the upgrade I've begun receiving regular log entries that look > like this: > > May 11

Re: "SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Wietse Venema
Alexander Vasarab: > Greetings, > > I recently upgraded postfix and OpenSSL to 3.4.10 and 1.1.1d, > respectively. These versions align with Debian GNU/Linux 10 (buster). > Since the upgrade I've begun receiving regular log entries that look > like this: > > May 11 11:23:54 vasaconsulting postfix/

"SSL_Shutdown:shutdown while in init" while sending and receiving

2020-05-11 Thread Alexander Vasarab
Greetings, I recently upgraded postfix and OpenSSL to 3.4.10 and 1.1.1d, respectively. These versions align with Debian GNU/Linux 10 (buster). Since the upgrade I've begun receiving regular log entries that look like this: May 11 11:23:54 vasaconsulting postfix/smtpd[21870]: warning: TLS library

PATCH: Problem translating domain to UTF8 form

2020-05-11 Thread Wietse Venema
Wietse Venema: > Wietse Venema: > > Sascha Hüdepohl: > > > Hello! > > > > > > i found this in maillog: > > > > > > postfix/bounce[90860]: warning: midna_domain_to_utf8_create: Problem > > > translating domain "mail.huedepohl.de" to UTF8 form: U_FILE_ACCESS_ERROR > > > > > > i can't figure out wh

Re: Postfix "IPv6-only" - experience/recommendation question

2020-05-11 Thread Gregory Heytings
michae...@rocketmail.com: I've a generic question to all more experienced than me postfix users here: Is it nowadays (reasonable) possible to run postfix with IPv6 only? E.g "mail.example.com" and "smtp.example.com" with only ipv6 records in the DNS, no A / ipv4 anymore? In theory,

Re: Postfix "IPv6-only" - experience/recommendation question

2020-05-11 Thread michae...@rocketmail.com
THANKS to all who answered!!! A lot of shared experience, learned a lot, cool. It's always very interesting how threads are meandering, somehow, adding new aspects to unasked but also relevant questions. Crowd at its best :-) Summarized your valuable hints, I'll stay with my Postfix configur

Re: Postfix "IPv6-only" - experience/recommendation question

2020-05-11 Thread Jaroslaw Rafa
On 8.05.2020 at 23:26:06 Ralph Seichter wrote: > Google has so far not rejected mail sent by the dual stack servers I > maintain, no matter if IPv4 or IPv6 was used. Both DKIM and SPF are > configured on my end, which seems to be a major concern for Google, but > beyond that I have neither

Re: Postfix "IPv6-only" - experience/recommendation question

2020-05-11 Thread Jaroslaw Rafa
On 8.05.2020 at 14:33:16 Bill Cole wrote: > > Some have IPv6 connectivity and address space but no motivation to > make their mail systems use IPv6. There are reasons to avoid sending > over IPv6 and very few if any significant reasons to want to send or > receive over IPv6. If one has a w