On Sun, Apr 14, 2013 at 03:57:07PM +0000, Joan Moreau wrote:
> >Done right, this is sufficient. Your compiler settings must
> >be wrong. Post the exact command you use the create the
> >Postfix "makefiles".
>
> make -f Makefile.init makefiles 'CCARGS=-DHAS_PCRE -DHAS_MYSQL
> -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -UHAS_LDAP -UHAS_IPV6 -DUSE_TLS
> -I/usr/include/mysql/ -I/usr/include/sasl '
> 'AUXLIBS=-L/usr/lib/mysql/ -lmysqlclient -lssl -lcrypto -lz -lm
> -lpcre -lsasl2'
This looks OK, but perhaps you're running into DLL hell.
As a sanitty check, what version of OpenSSL provides the header files?
$ grep OPENSSL_VERSION /usr/include/openssl/opensslv.h
> >None of these matter. but I don't recall seeing a "postconf -n"
>
> smtpd_tls_CAfile = /etc/ssl/ca-bundle.crt
> smtpd_tls_CApath = /etc/ssl/certs
> smtpd_tls_ask_ccert = no
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/certs/postfix.crt
> smtpd_tls_key_file = /etc/ssl/certs/postfix.key
> smtpd_tls_loglevel = 2
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
> smtpd_tls_session_cache_timeout = 3600s
> strict_8bitmime = no
> strict_rfc821_envelopes = no
> tls_random_source = dev:/dev/urandom
Nothing exciting here, provided this is the correct main.cf, you don't
have anything there that would break TLS ciphers.
> > >2013-04-14T15:26:27.625728+02:00 server postfix/smtpd[20218]:
> > >warning: TLS library problem: 20218:error:1411C146:SSL
> > >routines:tls1_prf:unsupported digest type:t1_enc.c:276:
> > >2013-04-14T15:26:27.625738+02:00 server postfix/smtpd[20218]:
> > >warning: TLS library problem: 20218:error:140D308A:SSL
> > >routines:tls1_setup_key_block:cipher or hash
> > >unavailable:t1_enc.c:621: Any clue ?
> >
> >Your libcrypto does not support the algorithms that libssl
> >expects, report
> >the output of:
> >
> >unset LD_LIBRARY_PATH
> >unset LD_PRELOAD
> >ldd $(postconf -h daemon_directory)/smtpd
>
> # ldd $(postconf -h daemon_directory)/smtpd
> linux-vdso.so.1
> libmysqlclient.so.18 => /usr/lib/mysql/libmysqlclient.so.18
> libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0
> libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0
> libz.so.1 => /lib/libz.so.1
> libm.so.6 => /lib/libm.so.6
> libpcre.so.1 => /lib/libpcre.so.1
> libsasl2.so.2 => /usr/lib/libsasl2.so.2
> libdb-5.3.so => /usr/lib/libdb-5.3.so
> libnsl.so.1 => /lib/libnsl.so.1
> libresolv.so.2 => /lib/libresolv.so.2
> libc.so.6 => /lib/libc.so.6
> libpthread.so.0 => /lib/libpthread.so.0
> libdl.so.2 => /lib/libdl.so.2
> libstdc++.so.6 => /usr/lib/libstdc++.so.6
> libgcc_s.so.1 => /usr/lib/libgcc_s.so.1
> /lib64/ld-linux-x86-64.so.2
The only thing that comes to mind here is that perhaps libmsqlclient.so.18
is linked against a different OpenSSL runtime library than Postfix.
Report the output of:
readelf -d /usr/lib/postfix/smtpd
readelf -d /usr/lib/mysql/libmysqlclient.so.18
Otherwise, your libcrypto and libssl are unusually messed up,
re-install your system from scratch.
--
Viktor.
