On Mon, May 11, 2020 at 09:17:16PM -0700, Alexander Vasarab wrote:

> On 11/05/20 23:35 -0400, Viktor Dukhovni wrote:
> >Attaching it is fine, if you're willing to disclose the IP addresses and
> >hostnames of the two servers.
> 
> Okay, I've attached two files; the PCAP and the postfix log.

Indeed the server slams the TCP socket closed after receiving the
client's RCPT command.  Unclear why.  You might try debug_peer_list
next, to see whether the server can log enough cleartext traffic
to expose the SMTP traffic inside TLS.

    May 11 19:29:06 vasaconsulting postfix/smtpd[14174]: 80D73102C036:
        client=mail1.bemta23.messagelabs.com[67.219.246.1]
    May 11 19:29:06 vasaconsulting postfix/smtpd[14174]:
        lost connection after RCPT from mail1.bemta23.messagelabs.com[67.219.246.1]
    May 11 19:29:06 vasaconsulting postfix/smtpd[14174]:
        disconnect from mail1.bemta23.messagelabs.com[67.219.246.1]
        ehlo=2 starttls=1 mail=1 rcpt=1 commands=5

The server opened a queue file, which by default happens only after the
first recipient is accepted.  Is there really no other logging for this
process at that time?

-- 
    Viktor.

    -- 3-way TCP
    -- Server greeting
    -- Client EHLO
    -- Server EHLO reply
    -- Client STARTTLS
    -- Server go-ahead

    -- Client TLS HELLO
    [Time since reference or first frame: 0.574920000 seconds]
    Transmission Control Protocol, Src Port: 59453, Dst Port: 25, Seq: 47, Ack: 251, Len: 201
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1 Record Layer: Handshake Protocol: Client Hello

    -- Server TLS HELLO
    [Time since reference or first frame: 0.575167000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 251, Ack: 248, Len: 1448
        Flags: 0x010 (ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Handshake Protocol: Server Hello

    -- Server Certificate and key exchange
    [Time since reference or first frame: 0.637786000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 1699, Ack: 248, Len: 1448
        Flags: 0x018 (PSH, ACK)
    [Time since reference or first frame: 0.700283000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 3147, Ack: 248, Len: 1448
        Flags: 0x010 (ACK)
    [Time since reference or first frame: 0.762836000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 4595, Ack: 248, Len: 1448
        Flags: 0x018 (PSH, ACK)
    [Time since reference or first frame: 0.762845000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 6043, Ack: 248, Len: 452
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Handshake Protocol: Certificate
    Transport Layer Security
        TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
        TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done

    -- Client key exchange, CCS and Finished
    [Time since reference or first frame: 0.826362000 seconds]
    Transmission Control Protocol, Src Port: 59453, Dst Port: 25, Seq: 248, Ack: 6495, Len: 126
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
        TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    -- Server Session ticket, CCS and Finished
    [Time since reference or first frame: 0.827649000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 6495, Ack: 374, Len: 226
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket
        TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    -- Client EHLO inside TLS
    [Time since reference or first frame: 0.890215000 seconds]
    Transmission Control Protocol, Src Port: 59453, Dst Port: 25, Seq: 374, Ack: 6721, Len: 65
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Application Data Protocol: smtp

    -- Server EHLO reply
    [Time since reference or first frame: 0.890582000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 6721, Ack: 439, Len: 213
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Application Data Protocol: smtp

    -- Client MAIL
    [Time since reference or first frame: 0.953134000 seconds]
    Transmission Control Protocol, Src Port: 59453, Dst Port: 25, Seq: 439, Ack: 6934, Len: 62
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Application Data Protocol: smtp

    -- Server MAIL reply
    [Time since reference or first frame: 0.955403000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 6934, Ack: 501, Len: 43
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Application Data Protocol: smtp

    -- Client RCPT
    [Time since reference or first frame: 1.017831000 seconds]
    Transmission Control Protocol, Src Port: 59453, Dst Port: 25, Seq: 501, Ack: 6977, Len: 56
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Application Data Protocol: smtp

    -- Server RCPT reply, with ~1s delay, perhaps the hard error sleep
    -- time?  (was it a 421 or 521 reply?)
    [Time since reference or first frame: 2.159092000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 6977, Ack: 557, Len: 43
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Application Data Protocol: smtp

    -- Server slams the TCP connection closed, no SSL close-notify.
    [Time since reference or first frame: 2.161183000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 7020, Ack: 557, Len: 0
        Flags: 0x011 (FIN, ACK)

    -- Client continues (DATA?, QUIT? ...)
    [Time since reference or first frame: 2.221487000 seconds]
    Transmission Control Protocol, Src Port: 59453, Dst Port: 25, Seq: 557, Ack: 7020, Len: 35
        Flags: 0x018 (PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Application Data Protocol: smtp

    -- But the socket is closed.
    [Time since reference or first frame: 2.221518000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 7020, Len: 0
        Flags: 0x004 (RST)

    -- Client also closes, including close-notify
    [Time since reference or first frame: 2.223734000 seconds]
    Transmission Control Protocol, Src Port: 59453, Dst Port: 25, Seq: 592, Ack: 7021, Len: 66
        Flags: 0x019 (FIN, PSH, ACK)
    Transport Layer Security
        TLSv1.2 Record Layer: Application Data Protocol: smtp
        TLSv1.2 Record Layer: Encrypted Alert

    -- Server already closed
    [Time since reference or first frame: 2.223750000 seconds]
    Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 7021, Len: 0
        Flags: 0x004 (RST)
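
An added example, not part of the original message: a small Python parser for trimmed tshark output like the trace above, reporting for each side whether its first FIN or RST was preceded by a TLS alert record. The function names and the embedded sample are constructed here, and an "Encrypted Alert" is assumed to be a close-notify, since the capture cannot decrypt it.

```python
import re

# Constructed sample: the closing segments of the trace above, reduced to the
# lines the parser reads (tshark -V style, one TCP header line per segment).
SAMPLE = """\
Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 7020, Ack: 557, Len: 0
    Flags: 0x011 (FIN, ACK)
Transmission Control Protocol, Src Port: 59453, Dst Port: 25, Seq: 557, Ack: 7020, Len: 35
    Flags: 0x018 (PSH, ACK)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: smtp
Transmission Control Protocol, Src Port: 25, Dst Port: 59453, Seq: 7020, Len: 0
    Flags: 0x004 (RST)
Transmission Control Protocol, Src Port: 59453, Dst Port: 25, Seq: 592, Ack: 7021, Len: 66
    Flags: 0x019 (FIN, PSH, ACK)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: smtp
    TLSv1.2 Record Layer: Encrypted Alert
"""

TCP_RE = re.compile(r"Transmission Control Protocol, Src Port: (\d+), Dst Port: (\d+)")
FLAGS_RE = re.compile(r"Flags: 0x[0-9a-fA-F]+ \(([^)]*)\)")
RECORD_RE = re.compile(r"TLSv[\d.]+ Record Layer: (.+)")

def parse_segments(text):
    """Return one dict per TCP segment: src port, flag set, TLS record names."""
    segments = []
    for line in text.splitlines():
        line = line.strip()
        if m := TCP_RE.search(line):
            segments.append({"src": int(m.group(1)), "flags": set(), "records": []})
        elif not segments:
            continue  # skip anything before the first TCP header line
        elif m := FLAGS_RE.search(line):
            segments[-1]["flags"] = {f.strip() for f in m.group(1).split(",")}
        elif m := RECORD_RE.search(line):
            segments[-1]["records"].append(m.group(1))
    return segments

def classify_close(segments):
    """Map src port -> 'clean' or 'abrupt' for each side that sent FIN or RST."""
    alerted, verdict = set(), {}
    for seg in segments:
        # Assumption: an alert record sent while closing is a close-notify.
        if any("Alert" in r for r in seg["records"]):
            alerted.add(seg["src"])
        if seg["flags"] & {"FIN", "RST"} and seg["src"] not in verdict:
            verdict[seg["src"]] = "clean" if seg["src"] in alerted else "abrupt"
    return verdict
```

On the sample, port 25 (the server) is reported as abrupt and port 59453 (the client) as clean, matching the annotations in the trace.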
