On 9/24/20 9:13 PM, Viktor Dukhovni wrote: > On Thu, Sep 24, 2020 at 08:30:35PM -0700, PGNet Dev wrote: > Is that really the session you intended to capture.
Interestingly phrased! The intention was to capture the tcp data 'thru' the failed event. That^^ is the data streamed to console, with that^^ tshark command, from right before the moment I exec the msmtp send, until it fails ... and sits there. Whether that tshark cmd correctly captures that 'intention', well that's a different issue. > It is surprising that the client sent "QUIT<CRLF>" only .14 seconds after SYN, > since if it expected to do SMTP STARTLS, it would typically wait for the > server greeting for more than a fraction of a second. So, iiuc, that's a dovecot faux pas? I certainly don't supsect that it's the result of anything that postfix signals in the transaction. If it's 'from' dovecot, how would I ferret out whether it's dovecot code "innards", or something in the (mis)function of linked openssl libs?
