On Thu, Jul 31, 2025 at 02:33:53PM +0200, John Doe via Postfix-users wrote:
> Any clue what is happening here ?
>
> postfix/tlsproxy[2399702]: CONNECT to [10.10.10.20]:25
> postfix/smtp[2399701]: warning: private/tlsproxy service role "client" is not
> available
> postfix/smtp[2399701]: 4bt4ws1G9NzZkhZC: Cannot start TLS: handshake failure
> postfix/master[2399665]: warning: process
> /app/PFXpostfix/postfix/usr/libexec/postfix/tlsproxy pid 2399702 killed by
> signal 11
Though this makes it clear that you've enable TLS connection reuse in
the Postfix SMTP client, and that something goes wrong, the level of
detail is not sufficient to draw more detailed conclusions.
Firstly, what exactly is "/app/PFXpostfix/postfix"? On a RedHat system,
I'd expect to find Postfix daemon binaries directly in system locations
like "/usr/libexec/postfix". That unexpected path may well have
outdated binaries left over from some other release or build. Check
your master.cf file carefully, and also your $daemon_directory setting
in main.cf.
If that's not the crux of the problem, then:
It is not quite clear which of the below is the right way to interpret the
log data:
a. The smtp(8) client gets a negative response from tlsproxy(8),
and drops its connection, indirectly triggering a tlsproxy(8)
segfault.
b. The tlsproxy(8) process segfaults early in processing the
new connection, and the smtp(8) client sees this as an
error in establishing a proxy connection.
To make progress we'd need to know whether "a" or "b" is the sequence of
events. My instinct is "b", but it is important to know for sure.
Also, it is important to know which version of OpenSSL this particular
Postfix installation was built against, and which OpenSSL is installed
on the system.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
