On Thu, May 17, 2012 at 12:50:16AM +0200, Patrick Ben Koetter wrote:
> > maillog: http://pastebin.com/k1EzFFY9
> > postconf: http://pastebin.com/AjMGykjV
>
> You tell Postfix to keep the session cache databases in the queue_directory,
> but that is owned by root (on my systems):
>
> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
>
> Use $data_directory instead.
That's likely not the direct cause of the problem, rather the
existing cache likely contains entries from different OpenSSL
version, and OpenSSL segfaults when one imports a cached session
from an older (different) OpenSSL library.
The cache lookup keys are by transport+destination, so sending mail
to an address in the cache, causes an incompatible session to be
loaded even if it is from a different library version. So we should
probably add the library version to the lookup key.
This can happen when one updates Postfix to a version that changes
the OpenSSL version without a restart.
Changing the cache directory to $data_directory is good, but likely
just restarting would have been enough.
Also the problem should have cleared up within the cache lifetime.
--
Viktor.
