Страница 1 из 1
postfix что то хочет сказать
Добавлено: 2010-11-06 23:26:17
Spook1680
egrep '(warning|erroe|fatal|panic):' /var/log/maillog | more
egrep: /some/log/file: No such file or directory
UNISAW# egrep '(warning|erroe|fatal|panic):' /var/log/maillog | more
Nov 6 08:02:42 UNI postfix/postqueue[35231]: warning: Mail system is down -- accessing queue directly
Nov 6 08:10:42 UNI postfix/postqueue[35516]: warning: Mail system is down -- accessing queue directly
Nov 6 08:44:55 UNI postfix/postqueue[36470]: warning: Mail system is down -- accessing queue directly
Nov 6 18:03:02 UNI postfix/smtpd[38104]: warning: TLS library problem: 38104:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:562:
Nov 6 15:59:51 UNI postfix/postqueue[38474]: warning: Mail system is down -- accessing queue directly
Nov 6 16:06:46 UNI postfix/postqueue[38877]: warning: Mail system is down -- accessing queue directly
Nov 6 16:11:49 UNI postfix/postqueue[39167]: warning: Mail system is down -- accessing queue directly
Nov 6 19:14:50 UNI postfix/smtpd[39337]: warning: TLS library problem: 39337:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:562:
Nov 6 16:25:41 UNI postfix/postqueue[39562]: warning: Mail system is down -- accessing queue directly
Nov 6 16:36:29 UNI postfix/postqueue[40027]: warning: Mail system is down -- accessing queue directly
Nov 6 16:51:22 UNI postfix/postqueue[40461]: warning: Mail system is down -- accessing queue directly
Nov 6 17:01:51 UNI postfix/postqueue[40793]: warning: Mail system is down -- accessing queue directly
Nov 6 18:08:44 UNI postfix/postqueue[41659]: warning: Mail system is down -- accessing queue directly
Nov 6 18:11:06 UNI postfix/postqueue[42041]: warning: Mail system is down -- accessing queue directly
Nov 6 21:20:54 UNI postfix/smtpd[42225]: SSL3 alert read:fatal:unknown CA
Nov 6 21:20:54 UNI postfix/smtpd[42225]: warning: TLS library problem: 42225:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1051:SSL alert number 48:
Nov 6 18:42:40 UNI postfix/postqueue[42501]: warning: Mail system is down -- accessing queue directly
Nov 6 18:56:25 UNI postfix/postqueue[42945]: warning: Mail system is down -- accessing queue directly
Подскажите а что не так. (( Исходящая не работает smtp 465 tls
Re: postfix что то хочет сказать
Добавлено: 2011-01-02 16:50:51
Alex Keda
собран криво, поди
Re: postfix что то хочет сказать
Добавлено: 2011-01-02 18:48:06
moury
Spook1680, Похоже, Вы ошиблись при настройке smtps, а именно - в указании файлов сертификатов
postconf | grep tls - в студию.
Re: postfix что то хочет сказать
Добавлено: 2011-11-06 20:54:12
Jesus
Приветствую.. дабы не плодить подобных тем пишу в эту...
проблема погожая.. но не работает 25 порт...
в логах postfix/smtpd[1267]: warning: TLS library problem: 1267:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:578:
Код: Выделить всё
postconf | grep tls
lmtp_enforce_tls = no
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_starttls_timeout = 300s
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_block_early_mail_reply = no
lmtp_tls_cert_file =
lmtp_tls_ciphers = export
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_eccert_file =
lmtp_tls_eckey_file = $lmtp_tls_eccert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_fingerprint_cert_match =
lmtp_tls_fingerprint_digest = md5
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_protocols = !SSLv2
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
smtp_enforce_tls = no
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_block_early_mail_reply = no
smtp_tls_cert_file =
smtp_tls_ciphers = export
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_eccert_file =
smtp_tls_eckey_file = $smtp_tls_eccert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_fingerprint_cert_match =
smtp_tls_fingerprint_digest = md5
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = yes
smtp_tls_per_site =
smtp_tls_policy_maps =
smtp_tls_protocols = !SSLv2
smtp_tls_scert_verifydepth = 9
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level =
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = yes
smtpd_client_new_tls_session_rate_limit = 0
smtpd_enforce_tls = no
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_starttls_timeout = ${stress?10}${stress:300}s
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CApath =
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_ciphers = export
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_eccert_file =
smtpd_tls_eckey_file = $smtpd_tls_eccert_file
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers =
smtpd_tls_fingerprint_digest = md5
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_protocols =
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_security_level =
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = yes
tls_append_default_CA = no
tls_daemon_random_bytes = 32
tls_disable_workarounds = CVE-2005-2969 CVE-2010-4180
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
tls_export_cipherlist = ALL:+RC4:@STRENGTH
tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_preempt_cipherlist = no
tls_random_bytes = 32
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
tlsproxy_enforce_tls = $smtpd_enforce_tls
tlsproxy_service_name = tlsproxy
tlsproxy_tls_CAfile = $smtpd_tls_CAfile
tlsproxy_tls_CApath = $smtpd_tls_CApath
tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
tlsproxy_tls_cert_file = $smtpd_tls_cert_file
tlsproxy_tls_ciphers = $smtpd_tls_ciphers
tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
tlsproxy_tls_key_file = $smtpd_tls_key_file
tlsproxy_tls_loglevel = $smtpd_tls_loglevel
tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
tlsproxy_tls_protocols = $smtpd_tls_protocols
tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
tlsproxy_tls_security_level = $smtpd_tls_security_level
tlsproxy_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
tlsproxy_use_tls = $smtpd_use_tls
tlsproxy_watchdog_timeout = 10s