This isn't really an OpenSSL issue, and I'd suggest asking for help
from people who are more familiar with postfix. However...
The log says that none of the names matched:
Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from
sepaip2.webish.nl[77.243.228.161]: -1
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname:
sepaip2.webish.nl ~? 127.0.0.0/8
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostaddr:
77.243.228.161 ~? 127.0.0.0/8
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostname:
sepaip2.webish.nl ~? 192.168.1.0/24
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_hostaddr:
77.243.228.161 ~? 192.168.1.0/24
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_list_match:
sepaip2.webish.nl: no match
Jun 15 13:57:46 emily postfix/smtpd[23401]: match_list_match:
77.243.228.161: no match
Jun 15 13:57:46 emily postfix/smtpd[23401]: send attr request = disconnect
I would view this as a postfix ACL configuration issue, since it's
denying access from your IP.
(Also: TCP FIN means that the connection was closed by close(), not by
killing the process such as what happens with a segfault or a rebooted
system. This in turn means that the problem is in the software, not
the network.)
-Kyle H
On Wed, Jun 17, 2009 at 11:57 AM, Jelle de
Jong<jelledej...@powercraft.nl> wrote:
> Jelle de Jong wrote:
>> Hello everybody,
>>
>> I am searching for answers and solutions for the connection issue
>> described in the attached text log.
>>
>> I got this response from Wietse from postfix:
>>
>>> Code fragment:
>>> sts = tls_bio_accept(vstream_fileno(props->stream), props->timeout,
>>> TLScontext);
>>> if (sts <= 0) {
>>> msg_info("SSL_accept error from %s: %d", props->namaddr, sts);
>>> tls_print_errors();
>>> tls_free_context(TLScontext);
>>> return (0);
>>>
>>> This means that the OpenSSL library error stack did not contain
>>> any additional information about the problem.
>>
>> I am hoping the openssl team knows what goes wrong and on what side the
>> issue is.
>>
>
> Hello everybody,
>
> I have done some more testing and got a lot more debug information, I
> still have no idea what is wrong and what to do but I got to points:
>
> webish.nl uses a selfsigned certificate:
> /C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailaddress=webas...@localhost
> Could that cause an SSL_accept error like I have and what can be done
> about this?
>
> ssl dump shows me that the connection is closed with a FIN? What does
> that mean and why is it happening? what can be done about is?
> ---------------------------------------------------------------
> 220 2.0.0 Ready to start TLS
> ---------------------------------------------------------------
> TCP: sepaip2.webish.nl(34538) -> helmwijk.xs4all.nl(25) Seq
> 1570587427.(0) ACK 2723884575 FIN
> 1 0.1111 (0.0176) C>S TCP FIN
> TCP: helmwijk.xs4all.nl(25) -> sepaip2.webish.nl(34538) Seq
> 2723884575.(0) ACK 1570587428 FIN
> 1 0.1117 (0.0005) S>C TCP FIN
> TCP: sepaip2.webish.nl(34538) -> helmwijk.xs4all.nl(25) Seq
> 1570587428.(0) ACK 2723884576
>
> I got a postfix smtpd_tls_security_level on may is this such uncommon? I
> use this for years on other systems with CACert.org signed certificates
> without any problems... why is this webish server doing nasty?
>
> collection of the logs in tar.gz format
> http://filebin.ca/vfcxs
>
> selection of logs that I hope are the most relevant:
>
> ssldump-smtpd-v-helmwijk-webish-fail.txt
> http://debian.pastebin.com/m8ce090e
>
> postconf-n-helmwijk.txt
> http://debian.pastebin.com/m4bf47368
>
> openssl-helmwijk-check.txt
> http://debian.pastebin.com/m708bd459
>
> openssl-webish-check.txt
> http://debian.pastebin.com/m45cd4779
>
> smtp-helmwijk-gmail-ok-test.txt (debian pastbin werkte niet)
> http://filebin.ca/mvtjq/smtp-helmwijk-gmail-ok-test.txt
>
> Thanks in advance,
>
> Jelle de Jong
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
