Yo! I've seen some problems with smtp over tls with postfix lately. On both ends: postfix 2.2.4-1.0.1 libssl0.9.8 0.9.8a-3 The receiving end sees this: Nov 11 16:48:27 zbasel postfix/smtpd[12711]: connect from unknown[10.48.13.2] Nov 11 16:48:28 zbasel postfix/smtpd[12711]: SSL_accept error from unknown[10.48.13.2]: -1 Nov 11 16:48:28 zbasel postfix/smtpd[12711]: warning: TLS library problem: 12711:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:288: Nov 11 16:48:28 zbasel postfix/smtpd[12711]: lost connection after STARTTLS from unknown[10.48.13.2] The sending end: Nov 11 16:48:27 papillon postfix/smtp[8145]: setting up TLS connection to 10.48.13.1 Nov 11 16:48:27 papillon postfix/smtp[8145]: SSL_connect error to 10.48.13.1: -1 Nov 11 16:48:27 papillon postfix/smtp[8145]: warning: TLS library problem: 8145:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:426: Nov 11 16:48:27 papillon postfix/smtp[8145]: 9214284221: to=<whatever>, relay=10.48.13.1[10.48.13.1], delay=0, status=deferred (Cannot start TLS: handshake failure) AFAICT the problem started with the latest libssl upgrade. Strange enough, restarting postfix on the sender fixes the problem for one SMTP session, but the next mail produces the same again. Any ideas? I'm not really sure if I should file a bug to postfix or to libssl. -- vbi -- Beware of the FUD - know your enemies. This week * Patent Law, and how it is currently abused. * http://fortytwo.ch/opinion
Attachment:
pgp40GuFoP178.pgp
Description: PGP signature