On 13/09/2013 23:26, Viktor Dukhovni wrote:
On Fri, Sep 13, 2013 at 11:03:22PM +0200, Mathieu R. wrote:
>There is generally more information in the log than this when the
>TLS handshake fails. DO NOT over-summarize the logs.
Sep 13 22:58:40 effraie01 postfix/smtpd[22230]: SSL_accept error
from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99] lost connection
Sep 13 22:58:40 effraie01 postfix/smtpd[22230]: lost connection
after STARTTLS from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
Sep 13 22:58:40 effraie01 postfix/smtpd[22230]: disconnect from
ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
I can [not] find anything more about this in my logs.
If your traffic volume is not too heavy, you can temporarily raise
the Postfix SMTP server TLS log level to "2":
smtpd_tls_loglevel = 2
this will show more details of the TLS handshake.
Not very much more:
Sep 13 23:33:09 effraie01 postfix/smtpd[25221]: connect from
ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
Sep 13 23:33:44 effraie01 postfix/smtpd[25221]: SSL_accept error from
ng4.bullet.mail.bf1.yahoo.com[98.139.164.99] lost connection
Sep 13 23:33:44 effraie01 postfix/smtpd[25221]: lost connection after
STARTTLS from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
Sep 13 23:33:44 effraie01 postfix/smtpd[25221]: disconnect from
ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
>Record a full packet PCAP file containing a session from a Yahoo
>host. Filter this capture file to contain full packets from exactly
>one TCP session. Run that through wireshark, see where in the TLS
>handshake the problem starts. Make the full capture available (post
>a URL, ...).
http://bazar.effraie.org/yahoo1.pcap (I personally do not understand
anything from this...)
Thanks a lot for your help
--
Mathieu R.
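
An added example, not part of the original message: a small Python parser that groups the smtpd log lines quoted above by process id and reports each session that was lost during STARTTLS, with the time elapsed since `connect`. The function name, the `year` parameter (syslog timestamps carry no year) and the record layout are assumptions made for illustration; the sample lines are the ones from the message with the mail client's line wraps rejoined.

```python
import re
from datetime import datetime

# Log lines from the message above, wrapped lines rejoined (sample input).
SAMPLE = """\
Sep 13 23:33:09 effraie01 postfix/smtpd[25221]: connect from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
Sep 13 23:33:44 effraie01 postfix/smtpd[25221]: SSL_accept error from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99] lost connection
Sep 13 23:33:44 effraie01 postfix/smtpd[25221]: lost connection after STARTTLS from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
Sep 13 23:33:44 effraie01 postfix/smtpd[25221]: disconnect from ng4.bullet.mail.bf1.yahoo.com[98.139.164.99]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
PEER = re.compile(r"from (\S+)\[([0-9a-fA-F.:]+)\]")

def starttls_failures(text, year=2013):
    """Return one record per smtpd session that was lost during the TLS handshake."""
    sessions, failures = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an smtpd line, or a wrapped fragment
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        peer = PEER.search(msg)
        if msg.startswith("connect from") and peer:
            sessions[pid] = {"host": peer.group(1), "ip": peer.group(2),
                             "start": when, "error": None}
        elif pid in sessions and msg.startswith("SSL_accept error"):
            # Keep whatever detail follows the peer name (may be very little).
            sessions[pid]["error"] = msg[peer.end():].strip(": ") if peer else msg
        elif pid in sessions and msg.startswith("lost connection after STARTTLS"):
            rec = sessions[pid]
            rec["seconds"] = int((when - rec["start"]).total_seconds())
            failures.append(rec)
        elif msg.startswith("disconnect from"):
            sessions.pop(pid, None)  # the pid may be reused by a later client
    return failures

if __name__ == "__main__":
    for f in starttls_failures(SAMPLE):
        print(f'{f["host"]} [{f["ip"]}]: {f["error"]} after {f["seconds"]}s')
```

The elapsed time per session gives a figure to line up against the timestamps in the packet capture when looking for the point in the handshake where the connection stops.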