On 12/05/20 05:40 -0400, Viktor Dukhovni wrote:
Indeed the server slams the TCP socket closed after receiving the client's RCPT command. Unclear why. You might try debug_peer_list next, to see whether the server can log enough cleartext traffic to expose the SMTP traffic inside TLS.
Thanks. Using debug_peer_list, I have a few more pieces of information.

May 12 14:27:21 vasaconsulting postfix/smtpd[3482]: > <data scrubbed>[<data scrubbed>]: 235 2.7.0 Authentication successful
May 12 14:27:21 vasaconsulting postfix/smtpd[3482]: watchdog_pat: 0x55bec82e41e0
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: < <data scrubbed>[<data scrubbed>]: MAIL FROM:<<data scrubbed>>
...lots of debug info e.g. send attr, etc...
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: > <data scrubbed>[<data scrubbed>]: 250 2.1.0 Ok
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: watchdog_pat: 0x55bec82e41e0
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: < <data scrubbed>[<data scrubbed>]: RCPT TO:<<data scrubbed>>
...lots of debug info e.g. config maps, etc...
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: > <data scrubbed>[<data scrubbed>]: 250 2.1.5 Ok
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: watchdog_pat: 0x55bec82e41e0
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: warning: TLS library problem: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init:../ssl/ssl_lib.c:2086:
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: smtp_get: EOF
...some match_hostname stuff, etc...
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: lost connection after RCPT from <data scrubbed>[<data scrubbed>]
...abort milter stuff...
May 12 14:27:22 vasaconsulting postfix/smtpd[3482]: disconnect from <data scrubbed>[<data scrubbed>] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 commands=6
The server opened a queue file, which by default happens only after the first recipient is accepted. Is there really no other logging for this process at that time?
That's correct. Just those three lines (plus the warning about TLS library issue).

What follows is how the conversation above ended. Different than the PCAP I attached yesterday, this is me sending an email as opposed to an email being sent to me (it's easier to use debug_peer_list with a predictable peer aka myself). There's no Encrypted Alert, and only one RST. I don't know if that's pertinent or not.

[Time since reference or first frame: 0.861553000 seconds]
Transmission Control Protocol, Src Port: 587, Dst Port: 37049, Seq: 7301, Ack: 748, Len: 0
    Flags: 0x011 (FIN, ACK)

[Time since reference or first frame: 0.907717000 seconds]
Transmission Control Protocol, Src Port: 37049, Dst Port: 587, Seq: 748, Ack: 7302, Len: 28
    Flags: 0x018 (PSH, ACK)
Transport Layer Security
    TLSv1.3 Record Layer: Application Data Protocol: smtp

[Time since reference or first frame: 0.907756000 seconds]
Transmission Control Protocol, Src Port: 587, Dst Port: 37049, Seq: 7302, Len: 0
    Flags: 0x004 (RST)

Alexander
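Added example, not part of the original message or of Postfix: a small Python filter that pulls the SMTP dialogue, TLS library warnings and the "lost connection after" stage out of smtpd debug_peer_list output, per smtpd process. The sample log is constructed in the shape of the lines quoted above; the host name, peer and addresses in it are placeholders, and `summarize` is a hypothetical helper name.

```python
import re

# Constructed sample shaped like the smtpd debug lines in this thread;
# host, peer and mail addresses are placeholders, not real values.
SAMPLE = """\
May 12 14:27:22 mx postfix/smtpd[3482]: < client.example[192.0.2.10]: MAIL FROM:<a@example.org>
May 12 14:27:22 mx postfix/smtpd[3482]: > client.example[192.0.2.10]: 250 2.1.0 Ok
May 12 14:27:22 mx postfix/smtpd[3482]: watchdog_pat: 0x55bec82e41e0
May 12 14:27:22 mx postfix/smtpd[3482]: < client.example[192.0.2.10]: RCPT TO:<b@example.net>
May 12 14:27:22 mx postfix/smtpd[3482]: > client.example[192.0.2.10]: 250 2.1.5 Ok
May 12 14:27:22 mx postfix/smtpd[3482]: warning: TLS library problem: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init:../ssl/ssl_lib.c:2086:
May 12 14:27:22 mx postfix/smtpd[3482]: smtp_get: EOF
May 12 14:27:22 mx postfix/smtpd[3482]: lost connection after RCPT from client.example[192.0.2.10]
May 12 14:27:22 mx postfix/smtpd[3482]: disconnect from client.example[192.0.2.10] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 commands=6
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
IO = re.compile(r"([<>]) [^\[]+\[[^\]]*\]: (.*)$")   # "< peer[addr]: text"
LOST = re.compile(r"lost connection after (\S+) from ")

def summarize(log):
    """Group smtpd debug lines by PID and rebuild each session's SMTP dialogue."""
    sessions = {}
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue                      # not an smtpd line
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"dialogue": [], "tls_warnings": [],
                                      "lost_after": None, "counters": {}})
        if io := IO.match(msg):
            who = "C" if io.group(1) == "<" else "S"   # "<" = read from client
            s["dialogue"].append((who, io.group(2)))
        elif msg.startswith("warning: TLS library problem: "):
            s["tls_warnings"].append(msg.split("problem: ", 1)[1])
        elif lost := LOST.match(msg):
            s["lost_after"] = lost.group(1)
        elif msg.startswith("disconnect from "):
            s["counters"] = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", msg)}
    return sessions

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        print(pid, "lost after", s["lost_after"], "| last line:", s["dialogue"][-1],
              "| TLS warnings:", len(s["tls_warnings"]))
```

On the sample, the last entry in the dialogue is the server's own 250 reply to RCPT, immediately followed by the TLS warning and the lost connection.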