From: Terry Barnum on 30 Mar 2010 19:24 Sorry about the flurry of questions today, I'm still getting my feet wet with postfix. pflogsumm pointed out these three warnings about TLS: Mar 28 04:47:54 mail postfix/smtpd[22135]: warning: TLS library problem: 22135:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578: Mar 29 15:12:39 mail postfix/smtpd[35073]: warning: TLS library problem: 35073:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL alert number 46: Mar 29 16:54:20 mail postfix/smtpd[35583]: warning: TLS library problem: 35583:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578: Could these be from my users trying to login with incorrect SSL/TLS/STARTLS settings? There are no warnings today and I got all my users' MUA settings squared away late yesterday. (I moved us to postfix on Friday night.) -Terry
From: Sahil Tandon on 30 Mar 2010 19:50 On Tue, 30 Mar 2010, Terry Barnum wrote: > Mar 28 04:47:54 mail postfix/smtpd[22135]: warning: TLS library problem: 22135:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578: > Mar 29 15:12:39 mail postfix/smtpd[35073]: warning: TLS library problem: 35073:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1102:SSL alert number 46: > Mar 29 16:54:20 mail postfix/smtpd[35583]: warning: TLS library problem: 35583:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578: > > Could these be from my users trying to login with incorrect > SSL/TLS/STARTLS settings? There are no warnings today and I got all my > users' MUA settings squared away late yesterday. (I moved us to > postfix on Friday night.) Search your logs for those smtpd process IDs and try to correlate the TLS problems with client IPs. Do you recognize them as your users? It is likely a problem on the (badly configured) client side rather than a mistake in your Postfix configuration. Perhaps someone more familiar with the innards of SSL can opine. -- Sahil Tandon <sahil(a)tandon.net>
|
Pages: 1 Prev: BCC to Undisclosed-Recipient Next: smtpd-policyd feature. |