TLS problem

tonio@starbridge.org via amavis-users amavis-users at amavis.org
Sun Oct 13 12:40:17 CEST 2013


Hi Timo,
I've tried amavisd 2.8.2 rc1, and I have a problem with TLS.
Here is the relevant conf in amavisd.conf:
$tls_security_level_in = 'encrypt';  # undef, 'may', 'encrypt', ...
$tls_security_level_out = 'encrypt';
$smtpd_tls_cert_file = '/etc/amavisd/mailstorm3.spamguard.fr-cert.pem';
$smtpd_tls_key_file = '/etc/amavisd/mailstorm3.spamguard.fr-key.pem';

And I've got these in mail.log:
Oct 13 12:21:55 smtp01 amavis[15005]: (15005-01) (!!)Error on socket:
SSL connect attempt failed with unknown error error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed\n
Oct 13 12:21:55 smtp01 amavis[15005]: (15005-01) mail_via_smtp: session
failed: Error upgrading socket to SSL: SSL connect attempt failed with
unknown error error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
/usr/sbin/amavisd line 7734.
Oct 13 12:21:55 smtp01 amavis[15005]: (15005-01) (!)SEND from <> ->
<clean-quarantine at spamguard.fr>, 451 4.5.0 From MTA() during fwd-connect
(Error upgrading socket to SSL: SSL connect attempt failed with unknown
error error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
/usr/sbin/amavisd line 7734.): id=15005-01
Oct 13 12:21:55 smtp01 amavis[15005]: (15005-01) (!!)TROUBLE in
check_mail: quar+notif FAILED: temporarily unable to quarantine: 451
4.5.0 From MTA() during fwd-connect (Error upgrading socket to SSL: SSL
connect attempt failed with unknown error error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
/usr/sbin/amavisd line 7734.): id=15005-01 at /usr/sbin/amavisd line 15591.
Oct 13 12:21:55 smtp01 amavis[15005]: (15005-01) (!)PRESERVING EVIDENCE
in /var/amavis/tmp/amavis-20131013T122154-15005-N4LueMVr
Oct 13 12:21:55 smtp01 amavis[15005]: (15005-01) size: 14475, TIMING
[total 384 ms] - sql-prepare: 1.6 (0%)0, SMTP greeting: 0.

It seems to have been happening since the Perl module *IO::Socket::SSL* was
upgraded from 1.76 to 1.95
_I've tried to downgrade amavisd to 2.8.1 and it's still the same._

Some version information:
Debian testing
amavisd-new-2.8.2-rc1 (20130904)
OpenSSL 1.0.1e 11 Feb 2013

Oct 13 12:21:16 smtp01 amavis[14988]: starting. /usr/sbin/amavisd at
mailstorm3.spamguard.fr amavisd-new-2.8.2-rc1 (20130904), Unicode aware,
LANG="en_GB"
Oct 13 12:21:16 smtp01 amavis[14988]: perl=5.018001, user=, EUID: 1002
(1002);  group=, EGID: 1002 1002 (1002 1002)
Oct 13 12:21:16 smtp01 amavis[14988]: INFO: no optional modules:
unicore::lib::Nt::De.pl Unix::Getrusage /etc/mail/spamassassin/crm114.pm
auto/POSIX/SigAction/new.al unicore/lib/Nt/De.pl
Oct 13 12:21:16 smtp01 amavis[14988]: SpamControl: scanner SpamAssassin,
module Amavis::SpamControl::SpamAssassin
Oct 13 12:21:16 smtp01 amavis[14988]: SpamControl: scanner DSPAM, module
Amavis::SpamControl::ExtProg
Oct 13 12:21:16 smtp01 amavis[14988]: SpamControl: init_pre_chroot on
SpamAssassin done
Oct 13 12:21:16 smtp01 amavis[14988]: socket module IO::Socket::INET6,
protocol families available: INET, INET6
Oct 13 12:21:16 smtp01 amavis[14988]: bind to
/var/amavis/amavisd.sock|unix, 87.98.168.176:10024/tcp,
87.98.168.176:10026/tcp, 87.98.168.176:9998/tcp,
87.98.168.176:10028/tcp, 87.98.168.176:10023/tcp,
87.98.168.176:10022/tcp, 87.98.168.176:10021/tcp,
87.98.168.176:10020/tcp, 87.98.168.176:10019/tcp,
87.98.168.176:10018/tcp, 87.98.168.176:10017/tcp,
87.98.168.176:10016/tcp, 87.98.168.176:10015/tcp
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Process Backgrounded
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: 2013/10/13-12:21:16
Amavis (type Net::Server::PreForkSimple) starting! pid(14995)
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to UNIX
socket file "/var/amavis/amavisd.sock"
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10024 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10026 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
9998 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10028 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10023 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10022 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10021 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10020 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10019 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10018 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10017 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10016 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Binding to TCP port
10015 on host 87.98.168.176 with IPv4
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: Group Not Defined. 
Defaulting to EGID '1002 1002'
Oct 13 12:21:16 smtp01 amavis[14995]: Net::Server: User Not Defined. 
Defaulting to EUID '1002'
Oct 13 12:21:16 smtp01 amavis[14995]: config files read: /etc/amavisd.conf
Oct 13 12:21:16 smtp01 amavis[14995]: Module Amavis::Conf        2.319
Oct 13 12:21:16 smtp01 amavis[14995]: Module Archive::Zip        1.30
Oct 13 12:21:16 smtp01 amavis[14995]: Module BerkeleyDB          0.53
Oct 13 12:21:16 smtp01 amavis[14995]: Module Compress::Raw::Zlib 2.062
Oct 13 12:21:16 smtp01 amavis[14995]: Module Compress::Zlib      2.062
Oct 13 12:21:16 smtp01 amavis[14995]: Module Crypt::OpenSSL::RSA 0.28
Oct 13 12:21:16 smtp01 amavis[14995]: Module DBD::mysql          4.024
Oct 13 12:21:16 smtp01 amavis[14995]: Module DBI                 1.628
Oct 13 12:21:16 smtp01 amavis[14995]: Module DB_File             1.827
Oct 13 12:21:16 smtp01 amavis[14995]: Module Digest::MD5         2.52
Oct 13 12:21:16 smtp01 amavis[14995]: Module Digest::SHA         5.85
Oct 13 12:21:16 smtp01 amavis[14995]: Module Encode              2.49
Oct 13 12:21:16 smtp01 amavis[14995]: Module File::Temp          0.2302
Oct 13 12:21:16 smtp01 amavis[14995]: Module IO::Socket::INET6   2.69
Oct 13 12:21:16 smtp01 amavis[14995]:*Module IO::Socket::SSL     1.954*
Oct 13 12:21:16 smtp01 amavis[14995]: Module MIME::Entity        5.503
Oct 13 12:21:16 smtp01 amavis[14995]: Module MIME::Parser        5.503
Oct 13 12:21:16 smtp01 amavis[14995]: Module MIME::Tools         5.503
Oct 13 12:21:16 smtp01 amavis[14995]: Module Mail::DKIM::Signer  0.4
Oct 13 12:21:16 smtp01 amavis[14995]: Module Mail::DKIM::Verifier 0.4
Oct 13 12:21:16 smtp01 amavis[14995]: Module Mail::Header        2.12
Oct 13 12:21:16 smtp01 amavis[14995]: Module Mail::Internet      2.12
Oct 13 12:21:16 smtp01 amavis[14995]: Module Mail::SPF           v2.009
Oct 13 12:21:16 smtp01 amavis[14995]: Module Mail::SpamAssassin  3.004000
Oct 13 12:21:16 smtp01 amavis[14995]: Module Net::DNS            0.72
Oct 13 12:21:16 smtp01 amavis[14995]: Module Net::SSLeay         1.55
Oct 13 12:21:16 smtp01 amavis[14995]: Module Net::Server         2.007
Oct 13 12:21:16 smtp01 amavis[14995]: Module NetAddr::IP         4.071
Oct 13 12:21:16 smtp01 amavis[14995]: Module Razor2::Client::Version 2.84
Oct 13 12:21:16 smtp01 amavis[14995]: Module Scalar::Util        1.27
Oct 13 12:21:16 smtp01 amavis[14995]: Module Socket              2.011
Oct 13 12:21:16 smtp01 amavis[14995]: Module Socket6             0.23
Oct 13 12:21:16 smtp01 amavis[14995]: Module Time::HiRes         1.9726
Oct 13 12:21:16 smtp01 amavis[14995]: Module URI                 1.60
Oct 13 12:21:16 smtp01 amavis[14995]: Module Unix::Syslog        1.1



Thanks for your help!
Best regards,
Tonio
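
An added example, not part of the original post or of amavisd: a small Python triage of the mail.log excerpt above. It rejoins the wrapped lines, decodes the OpenSSL 1.0.x packed error code, and reports whether amavisd was the TLS client or the TLS server when verification failed; the function names are this example's own.

```python
import re

# Two entries copied from the post's mail.log excerpt, still folded the way
# the list archive wrapped them.
SAMPLE = """\
Oct 13 12:21:55 smtp01 amavis[15005]: (15005-01) (!!)Error on socket:
SSL connect attempt failed with unknown error error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed\\n
Oct 13 12:21:55 smtp01 amavis[15005]: (15005-01) (!)PRESERVING EVIDENCE
in /var/amavis/tmp/amavis-20131013T122154-15005-N4LueMVr
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SESSION = re.compile(r"amavis\[\d+\]: \((\d+-\d+)\)")
SSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*?)(?: at /|\\n|$)")

def unfold(text):
    """Join wrapped continuation lines back onto their syslog entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def decode_err(hexcode):
    """Split an OpenSSL 1.0.x packed error code into (lib, func, reason)."""
    code = int(hexcode, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(text):
    """Return one finding per log entry that carries an OpenSSL error."""
    findings = []
    for entry in unfold(text):
        m = SSL_ERR.search(entry)
        if not m:
            continue
        sess = SESSION.search(entry)
        # IO::Socket::SSL says "connect" when acting as TLS client and
        # "accept" when acting as TLS server.
        role = ("client" if "SSL connect attempt" in entry
                else "server" if "SSL accept attempt" in entry else "unknown")
        findings.append({"session": sess.group(1) if sess else None,
                         "role": role, "code": decode_err(m.group(1)),
                         "function": m.group(3), "reason": m.group(4).strip()})
    return findings
```

On the post's excerpt the role comes out as client: amavisd is rejecting the certificate of the server it forwards to, so the side to examine is the outbound one ($tls_security_level_out), not the $smtpd_tls_* certificate and key files.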