On Fri, 31 Aug 2007 13:58:07 +0200
Stefan Priebe <[EMAIL PROTECTED]> wrote:
> To 4.) perhaps the new instance also solves this problem. I don't
> remember the failure - I only know that it was TLS related. And the
> connection fails after TLS command.
It does not solve it, it seems to be a problem with the SSL socket. We
can't close it properly with
 $ssl_sock->close(SSL_no_shutdown => 1, SSL_ctx_free => 1);
The child would have no socket to talk to the next client...
Downgrading to clear text doesn't seem to be supported by
IO::Socket::SSL. I guess that -async would have the same problem (if
SSL would be possible).

For now it seems like the only solution is to exit the process if SSL
and non-SSL connections are used on the same port (STARTTLS),
preferably not in hook_disconnect() but in hook_post_connection(), see
attached diff. With SSL-only connections on port 465 everything works
fine for me.

        Hanno
Index: plugins/tls
===================================================================
--- plugins/tls	(revision 784)
+++ plugins/tls	(working copy)
@@ -151,6 +151,23 @@
     return DECLINED;
 }
 
+# work-around for failed connections in -prefork after STARTTLS connection:
+sub hook_post_connection {
+    my $self = shift;
+
+    return (DECLINED)
+      unless $self->qp->isa('Qpsmtpd::SMTP::Prefork');
+
+    return (DECLINED) 
+      if $self->qp->connection->local_port == 465;
+
+    if ($self->connection->notes('tls_enabled')) {
+        $self->log(LOGWARN, "Exiting, because 'tls_enabled' was true.");
+        exit;
+    }
+    return(DECLINED);
+}
+
 sub _convert_to_ssl {
     my ($self) = @_;
 
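Review bot: the `local_port == 465` test in hook_post_connection hard-codes the SSL-only port, so an SSL-only listener on any other port falls through to the `tls_enabled` check and can reach the `exit` after every connection; consider keying this on whatever the plugin already uses to decide it is in SSL-only mode, or making the port configurable. The port check also goes through `$self->qp->connection` while the notes check uses `$self->connection`; one accessor for both would read more consistently. Finally, the bare `exit` ends the child from inside the hook, so post_connection hooks of any plugin that runs after this one are skipped; that side effect is worth stating in the comment above the sub.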
