On Fri, Sep 13, 2013 at 11:03:22PM +0200, Mathieu R. wrote:

> > There is generally more information in the log than this when the
> > TLS handshake fails. DO NOT over-summarize the logs.
>
> Sep 13 22:58:40 effraie01 postfix/smtpd[22230]: SSL_accept error from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99] lost connection
> Sep 13 22:58:40 effraie01 postfix/smtpd[22230]: lost connection after STARTTLS from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
> Sep 13 22:58:40 effraie01 postfix/smtpd[22230]: disconnect from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
>
> I can [not] find anything more about this in my logs.
If your traffic volume is not too heavy, you can temporarily raise the
Postfix SMTP server TLS log level to "2":

    smtpd_tls_loglevel = 2

this will show more details of the TLS handshake.

> > Record a full packet PCAP file containing a session from a Yahoo
> > host. Filter this capture file to contain full packets from exactly
> > one TCP session. Run that through wireshark, see where in the TLS
> > handshake the problem starts. Make the full capture available (post
> > a URL, ...).
>
> Hum, I fully agree to do that, but I'm afraid I don't know how...
> I'm starting googling about it, but if you want to tell me how, I'll
> be thankful.

    # tcpdump -s0 -w /root/yahoo.pcap tcp port 25 and net 98.139.0.0/16 &

use appropriate filename for your mail log below if not /var/log/maillog:

    # tail -f /var/log/maillog | grep '/smtpd[^ ]*: SSL_accept error from [^ ]*\.yahoo\.com\[98\.139'

wait until at least one, and ideally two new events are logged. Then
stop the tcpdump:

    # pkill -INT -x tcpdump

Now find the first session in the capture whose initial SYN packet is
recorded:

    # tcpdump -nr /root/yahoo.pcap 'tcp[13] & 0x12 == 0x2'

Note the yahoo client's tcp port number in the first line of output,
below assumed to be 62831:

    # tcpdump -s0 -nr /root/yahoo.pcap -w /root/yahoo1.pcap tcp port 62831

Analyze yahoo1.pcap with wireshark and also upload it somewhere so
others can inspect it and help you find the problem.

-- 
	Viktor.
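Added example, not part of the original thread and not Postfix or tcpdump code: a stdlib-only Python script that performs the last two tcpdump steps above on a capture file, so the filter logic can be checked without a live mail server. It locates the first TCP session whose initial SYN was recorded (the same test as tcpdump's `tcp[13] & 0x12 == 0x2`, i.e. SYN set and ACK clear) and writes only that session, both directions, to a new pcap. It assumes a native-order libpcap file with Ethernet link type and IPv4 frames; the sample capture it builds is constructed (the server address 192.0.2.10 is a documentation address), not real Yahoo traffic.

```python
"""Find the first complete TCP session in a pcap and extract it (added example)."""
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4      # native-order libpcap magic
LINKTYPE_ETHERNET = 1
SYN = 0x02
ACK = 0x10


def build_frame(src_ip, sport, dst_ip, dport, flags, payload=b""):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left zero) for the sample."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    eth = b"\x00" * 12 + b"\x08\x00"          # zero MACs, EtherType IPv4
    return eth + ip + tcp


def write_pcap(frames):
    """Serialize frames as a pcap file image, one second apart (timestamps are synthetic)."""
    buf = io.BytesIO()
    buf.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for i, frame in enumerate(frames):
        buf.write(struct.pack("<IIII", 1379106000 + i, 0, len(frame), len(frame)))
        buf.write(frame)
    return buf.getvalue()


def read_pcap(data):
    """Yield (timestamp_sec, frame_bytes) from a native-order Ethernet pcap image."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("only native-order Ethernet pcap files are handled here")
    off = 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts, data[off:off + incl]
        off += incl


def parse_tcp(frame):
    """Return (src_ip, sport, dst_ip, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    if frame[14 + 9] != 6:                     # IP protocol field: 6 = TCP
        return None
    ihl = (frame[14] & 0x0F) * 4
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    return src, sport, dst, dport, tcp[13]     # tcp[13] is the flags byte tcpdump tests


def first_syn_client_port(data, server_port=25):
    """Equivalent of tcpdump 'tcp[13] & 0x12 == 0x2': first SYN without ACK to our port."""
    for _, frame in read_pcap(data):
        pkt = parse_tcp(frame)
        if pkt and pkt[3] == server_port and pkt[4] & (SYN | ACK) == SYN:
            return pkt[1]
    return None


def filter_session(data, port):
    """Equivalent of 'tcpdump -r in -w out tcp port N': keep both directions of one session."""
    kept = [frame for _, frame in read_pcap(data)
            if (pkt := parse_tcp(frame)) and port in (pkt[1], pkt[3])]
    return write_pcap(kept)


# Constructed sample: one session caught mid-stream (its SYN predates the capture),
# then two sessions whose handshakes were fully recorded.
SERVER, CLIENT = "192.0.2.10", "98.139.164.99"
SAMPLE_PCAP = write_pcap([
    build_frame(CLIENT, 40000, SERVER, 25, ACK, b"EHLO mid-stream\r\n"),
    build_frame(CLIENT, 62831, SERVER, 25, SYN),
    build_frame(SERVER, 25, CLIENT, 62831, SYN | ACK),
    build_frame(CLIENT, 62831, SERVER, 25, ACK),
    build_frame(CLIENT, 62900, SERVER, 25, SYN),
    build_frame(CLIENT, 62831, SERVER, 25, ACK, b"STARTTLS\r\n"),
    build_frame(SERVER, 25, CLIENT, 62900, SYN | ACK),
])

if __name__ == "__main__":
    port = first_syn_client_port(SAMPLE_PCAP)
    one = filter_session(SAMPLE_PCAP, port)
    print("first complete session: client port", port,
          "->", sum(1 for _ in read_pcap(one)), "packets kept")
```

Pointing `read_pcap` at a real `/root/yahoo.pcap` works as long as it was written by tcpdump on a host using the native-order format and an Ethernet interface; the session-start check deliberately skips any session that was already in progress when the capture began, since a handshake without its ClientHello is of little use in wireshark.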