On Fri, Sep 13, 2013 at 09:44:38PM +0200, Mathieu R. wrote:

> Sep 13 21:31:34 effraie01 postfix/smtpd[12650]: SSL_accept error
> from ng17.bullet.mail.bf1.yahoo.com

There is generally more information in the log than this when the
TLS handshake fails. DO NOT over-summarize the logs.

> (ever from yahoo servers)
> I can't figure out where my mistake comes from.

Record a full packet PCAP file containing a session from a Yahoo
host. Filter this capture file to contain full packets from exactly
one TCP session. Run that through wireshark, see where in the TLS
handshake the problem starts. Make the full capture available (post
a URL, ...).

> here is my postconf -n : http://paste.debian.net/39693/
> postfix version is : 2.9.6-2 (debian stable package)
>
> can please somebody give me some help (I fear losing some emails
> from yahoo)

TLS to your domain looks good when I test. Your server certificate
is self-signed, but that's hardly unique to you. The expiration
date on the self-signed cert could arguably give some systems
indigestion, perhaps a 2-10 year lifetime is more reasonable than
1000 years.

    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: b5:81:fb:cf:95:9e:77:db
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=FR, ST=France, L=Paris, O=effraie.org, OU=effraie.org, CN=effraie.org/emailAddress=r...@effraie.org
            Validity
                Not Before: Sep 13 18:28:24 2013 GMT
                Not After : Jan 14 18:28:24 3013 GMT
            Subject: C=FR, ST=France, L=Paris, O=effraie.org, OU=effraie.org, CN=effraie.org/emailAddress=r...@effraie.org
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (1024 bit)
                    Exponent: 65537 (0x10001)
        Signature Algorithm: sha1WithRSAEncryption

-- 
	Viktor.
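
Added example (not part of the original message): a Python check of the validity period in the `openssl x509 -text` output quoted above. The 10-year ceiling follows the 2-10 year suggestion in the reply; the 32-bit time_t and UTCTime/GeneralizedTime checks are assumptions about what could trouble a peer, not claims made in the thread.

```python
import re
from datetime import datetime

# Constructed sample: the validity lines from the certificate dump quoted above.
SAMPLE = """\
        Validity
            Not Before: Sep 13 18:28:24 2013 GMT
            Not After : Jan 14 18:28:24 3013 GMT
"""

FMT = "%b %d %H:%M:%S %Y GMT"                    # date layout used by openssl x509 -text
TIME_T_32_MAX = datetime(2038, 1, 19, 3, 14, 7)  # last second a signed 32-bit time_t holds
UTCTIME_LAST_YEAR = 2049                         # RFC 5280: later dates use GeneralizedTime


def parse_validity(text):
    """Return (not_before, not_after) as naive UTC datetimes from openssl text output."""
    found = dict(re.findall(r"Not (Before|After)\s*:\s*(.+? GMT)", text))
    if set(found) != {"Before", "After"}:
        raise ValueError("validity block not found")
    return tuple(datetime.strptime(found[k], FMT) for k in ("Before", "After"))


def check_validity(text, max_years=10):
    """List reasons a peer might reject or mis-parse this validity period."""
    not_before, not_after = parse_validity(text)
    findings = []
    if not_after <= not_before:
        findings.append("notAfter is not later than notBefore")
    years = (not_after - not_before).days / 365.25
    if years > max_years:
        findings.append(f"lifetime {years:.0f} years exceeds {max_years}")
    if not_after > TIME_T_32_MAX:
        findings.append("notAfter overflows a signed 32-bit time_t")
    if not_after.year > UTCTIME_LAST_YEAR:
        findings.append("notAfter needs GeneralizedTime, not UTCTime")
    return findings


if __name__ == "__main__":
    for line in check_validity(SAMPLE):
        print("WARN:", line)
```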