Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Victor Duchovni (Victor.Duchovnimorganstanley.com)
Date: Fri May 30 2008 - 08:33:12 CDT
On Fri, May 30, 2008 at 10:12:59AM +0200, Ethariel wrote:
> I've thougth about the discard_ehlo but it's for too many MTA. I really
> think I've got a misconfiguration, but can't figure which one :)
Your problem report is far too skimpy and anecdotal. You are not doing
the list a favour by sending only a brief summary of the problem.
Send one problem report that contains *detailed*, *unedited* information.
- What version of OpenSSL are you using?
- What version of Postfix?
- Logs from a single problem session with "smtpd_tls_loglevel = 2"
- URI for a binary session captured with "tcpdump -s 8192 -w /some/file",
filtered to capture just the session of intereset with
tcpdump -s 8192 -r /some/file -w /some/other/file ... filter ...
where "filter" is a "tcpdump" expression that pulls out just one
- Details of the server certificate from "openssl x509 -text" including
the command used and its output.
- Evidence that the cert and key match via output from below:
$ openssl x509 -in "$cert" -x509toreq -signkey "$key" 2>/dev/null |
openssl req -pubkey -noout 2>/dev/null |
openssl dgst -sha1
$ openssl rsa -in "$key" -pubout 2>/dev/null |
openssl dgst -sha1
(Replace "rsa" with "dsa" or "ec", in the for now very unlikely
case that your key is not an RSA key, and having a non-RSA key/cert
pair would likely explain your problem).
- Full "postconf -n"
- As much additional detail as may be relevant based on examining the
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.