Postfix and amavis - error on socket when SSL is used

Seba free4cd at googlemail.com
Mon Feb 2 18:34:24 CET 2015


Yes, IO::Socket::SSL is installed (first through apt-get and for testing
through CPAN). With both versions (also with amavisd 2.7.1 and 2.10), I get
the SSL error.

The problem doesn't always happen. One mail passes amavisd and postfix
without error, the other mail gets stuck in the queue because of the SSL error.

If I deactivate SSL in amavisd/postfix everything works fine. But
amavis and postfix are running on different machines, so I want to use SSL
for security reasons. A slower data throughput with activated SSL
would be no problem.

--
Seba


2015-02-02 15:58 GMT+01:00 Michael D. Wood <mike at itsecuritypros.org>:

> And you have the perl ssl library installed through cpan?
>
> IO::Socket::SSL
>
> Sent from my iPhone
>
> On Feb 2, 2015, at 3:17 AM, Seba <free4cd at googlemail.com> wrote:
>
> Hi,
>
> amavisd line 8392:
>
>       if (length($post) > 20) { $post = substr($post,0,15) . '[...]' }
>
> The whole section:
>
>     $pre = substr($curr_head,0,pos($curr_head)-length($mid))  if !defined $pre;
>     $post = substr($curr_head,pos($curr_head))  if !defined $post;
>     if (defined $msg1) {
>       chomp($post);
>       if (length($mid)  > 20) { $mid  = substr($mid, 0,15) . '[...]' }
>       if (length($post) > 20) { $post = substr($post,0,15) . '[...]' }
>       if (length($pre)-length($field_name)-2 > 50-length($post)) {
>         $pre = $field_name . ': ...'
>                . substr($pre, length($pre) - (45-length($post)));
>       }
>
> I've tried to disable the amavisd connection cache but the problem still
> exists.
>
> Today, I get these messages in amavisd log:
>
> Feb  2 08:31:46 filter amavis[1680]: (01680-06) (!)FWD from <xxxx at gmx.de>
> -> <recipient at mydomain.de>, 451 4.5.0 From MTA() during fwd-connect
> (Error upgrading socket to SSL: SSL connect attempt failed with unknown
> error error:14092110:SSL routines:SSL3_GET_SERVER_HELLO:attempt to reuse
> session in different context at /usr/sbin/amavisd-new line 7043.):
> id=01680-06
> Feb  2 08:31:46 filter amavis[1680]: (01680-06) Blocked MTA-BLOCKED
> {TempFailedInbound}, [212.227.15.19]:55087 [94.217.67.44] <xxxx at gmx.de>
> -> <recipient at mydomain.de>, Queue-ID: C3E4FBFD85, Message-ID: <
> 12EC797D-55EE-4B41-A851-0102BFABBAE9 at gmx.de>, mail_id: Uy8tbh2N8JxD,
> Hits: 0, size: 3278, 2138 ms
>
> Line 7043 of amavisd-new:
>
>     %params,
>
> The whole section:
>
>   IO::Socket::SSL->start_SSL($sock, SSL_session_cache => $ssl_cache,
>     SSL_error_trap =>
>       sub { my($sock,$msg)=@_; do_log(-2,"Error on socket: %s",$msg) },
>     %params,
>   ) or die "Error upgrading socket to SSL: ".IO::Socket::SSL::errstr();
>
> 2015-02-02 0:35 GMT+01:00 Michael D. Wood <mike at itsecuritypros.org>:
>
>> What does amavisd line 8392 say?
>>
>> Sent from my iPhone
>>
>> > On Feb 1, 2015, at 7:56 AM, Seba <free4cd at googlemail.com> wrote:
>> >
>> > amavisd line 8392
>>
>
>