[eside-ghost] MTA problem (TLS Problem)
Ender
eduvedder at terra.es
Thu Jan 19 13:02:28 CET 2006
Hi,
I have an MTA that cannot send mail to some domains (few and
obscure ones, except bea.com).
The message that shows up in the log (qmail) is:
2006-01-19 06:55:26.185097500 starting delivery 29548: msg 25185296 to
remote ****@bea.com
2006-01-19 06:55:33.970885500 delivery 29548: deferral:
TLS_not_available:_connect_failed/
What I would like is to make sure that the problem is not in my MTA but
in the remote MTA, so I would appreciate any comments...
What I think is happening is that the remote MTA says it supports TLS,
the TLS connection starts, and some problem in the remote server's
certificate or configuration makes qmail go haywire and drop the
connection...
I ran the following test against the MX of bea.com and the MX of
irontec.com (I assumed the folks at irontec would support TLS ;-) ) and
this is the result....
CORREOSRV:/var/qmail/service/qmail/log/main# host -t mx irontec.com
irontec.com mail is handled by 1 ironmail.irontec.com.
CORREOSRV:/var/qmail/service/qmail/log/main#
CORREOSRV:/var/qmail/service/qmail/log/main# stunnel -D 7 -n smtp -f -c
-r ironmail.irontec.com:25
2006.01.19 12:37:47 LOG5[24825:1024]: Using 'ironmail.irontec.com.25' as
tcpwrapper service name
2006.01.19 12:37:47 LOG7[24825:1024]: Snagged 64 random bytes
from /root/.rnd
2006.01.19 12:37:47 LOG7[24825:1024]: Wrote 1024 new random bytes
to /root/.rnd
2006.01.19 12:37:47 LOG7[24825:1024]: RAND_status claims sufficient
entropy for the PRNG
2006.01.19 12:37:47 LOG6[24825:1024]: PRNG seeded successfully
2006.01.19 12:37:47 LOG5[24825:1024]: stunnel 3.22 on i586-pc-linux-gnu
PTHREAD+LIBWRAP with OpenSSL 0.9.6c 21 dec 2001
2006.01.19 12:37:47 LOG7[24825:1024]: ironmail.irontec.com.25 started
2006.01.19 12:37:47 LOG7[24825:1024]: ironmail.irontec.com.25 connecting
66.111.55.10:25
2006.01.19 12:37:47 LOG7[24825:1024]: Remote FD=3 initialized
2006.01.19 12:37:47 LOG7[24825:1024]: Negotiations for smtp(client side)
started
2006.01.19 12:37:47 LOG7[24825:1024]: <- 220 mai.irontec.com ESMTP
Postfix.
220 mai.irontec.com ESMTP Postfix
2006.01.19 12:37:47 LOG7[24825:1024]: -> 220 mai.irontec.com ESMTP
Postfix...
2006.01.19 12:37:47 LOG7[24825:1024]: -> EHLO localhost..
2006.01.19 12:37:47 LOG7[24825:1024]: <- 250-mai.irontec.com.
2006.01.19 12:37:47 LOG7[24825:1024]: <- 250-PIPELINING.
2006.01.19 12:37:47 LOG7[24825:1024]: <- 250-SIZE 20480000.
2006.01.19 12:37:47 LOG7[24825:1024]: <- 250-VRFY.
2006.01.19 12:37:47 LOG7[24825:1024]: <- 250-ETRN.
2006.01.19 12:37:47 LOG7[24825:1024]: <- 250-STARTTLS.
2006.01.19 12:37:47 LOG7[24825:1024]: <- 250 8BITMIME.
2006.01.19 12:37:47 LOG7[24825:1024]: -> STARTTLS..
2006.01.19 12:37:47 LOG7[24825:1024]: <- 220 Ready to start TLS.
2006.01.19 12:37:47 LOG7[24825:1024]: SSL state (connect):
before/connect initialization
2006.01.19 12:37:47 LOG7[24825:1024]: SSL state (connect): SSLv3 write
client hello A
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 read
server hello A
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 read
server certificate A
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 read
server key exchange A
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 read
server done A
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 write
client key exchange A
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 write
change cipher spec A
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 write
finished A
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 flush
data
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 read
finished A
2006.01.19 12:37:48 LOG7[24825:1024]: 1 items in the session cache
2006.01.19 12:37:48 LOG7[24825:1024]: 1 client connects
(SSL_connect())
2006.01.19 12:37:48 LOG7[24825:1024]: 1 client connects that finished
2006.01.19 12:37:48 LOG7[24825:1024]: 0 client renegotiatations
requested
2006.01.19 12:37:48 LOG7[24825:1024]: 0 server connects
(SSL_accept())
2006.01.19 12:37:48 LOG7[24825:1024]: 0 server connects that finished
2006.01.19 12:37:48 LOG7[24825:1024]: 0 server renegotiatiations
requested
2006.01.19 12:37:48 LOG7[24825:1024]: 0 session cache hits
2006.01.19 12:37:48 LOG7[24825:1024]: 0 session cache misses
2006.01.19 12:37:48 LOG7[24825:1024]: 0 session cache timeouts
2006.01.19 12:37:48 LOG6[24825:1024]: Negotiated ciphers:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
quit
221 Bye
2006.01.19 12:37:51 LOG7[24825:1024]: SSL socket closed on SSL_read
2006.01.19 12:37:51 LOG5[24825:1024]: Connection closed: 5 bytes sent to
SSL, 9 bytes sent to socket
2006.01.19 12:37:51 LOG7[24825:1024]: ironmail.irontec.com.25 finished
(0 left)
And now against one of bea.com's MXs....
CORREOSRV:/var/qmail/service/qmail/log/main# host -t mx bea.com
bea.com mail is handled by 10 ukhwmg01.bea.com.
bea.com mail is handled by 10 ussjmg01.bea.com.
bea.com mail is handled by 10 uslcmg01.bea.com.
CORREOSRV:/var/qmail/service/qmail/log/main#
CORREOSRV:/var/qmail/service/qmail/log/main#
CORREOSRV:/var/qmail/service/qmail/log/main# stunnel -D 7 -n smtp -f -c
-r ukhwmg01.bea.com:25
2006.01.19 12:38:40 LOG5[24962:1024]: Using 'ukhwmg01.bea.com.25' as
tcpwrapper service name
2006.01.19 12:38:40 LOG7[24962:1024]: Snagged 64 random bytes
from /root/.rnd
2006.01.19 12:38:40 LOG7[24962:1024]: Wrote 1024 new random bytes
to /root/.rnd
2006.01.19 12:38:40 LOG7[24962:1024]: RAND_status claims sufficient
entropy for the PRNG
2006.01.19 12:38:40 LOG6[24962:1024]: PRNG seeded successfully
2006.01.19 12:38:40 LOG5[24962:1024]: stunnel 3.22 on i586-pc-linux-gnu
PTHREAD+LIBWRAP with OpenSSL 0.9.6c 21 dec 2001
2006.01.19 12:38:40 LOG7[24962:1024]: ukhwmg01.bea.com.25 started
2006.01.19 12:38:40 LOG7[24962:1024]: ukhwmg01.bea.com.25 connecting
194.203.24.251:25
2006.01.19 12:38:40 LOG7[24962:1024]: Remote FD=3 initialized
2006.01.19 12:38:40 LOG7[24962:1024]: Negotiations for smtp(client side)
started
2006.01.19 12:38:51 LOG7[24962:1024]: <- 220 ukhwmg01.bea.com ESMTP
Sendmail Switch-3.0.5/Switch-3.0.0; Thu, 19 Jan 2006 12:00:56 GMT.
220 ukhwmg01.bea.com ESMTP Sendmail Switch-3.0.5/Switch-3.0.0; Thu, 19
Jan 2006 12:00:56 GMT
2006.01.19 12:38:51 LOG7[24962:1024]: -> 220 ukhwmg01.bea.com ESMTP
Sendmail Switch-3.0.5/Switch-3.0.0; Thu, 19 Jan 2006 12:00:56 GMT...
2006.01.19 12:38:51 LOG7[24962:1024]: -> EHLO localhost..
2006.01.19 12:38:51 LOG7[24962:1024]: <- 250-ukhwmg01.bea.com Hello
111.Red-80-59-36.staticIP.rima-tde.net [80.59.36.111], pleased to meet
you.
2006.01.19 12:38:51 LOG7[24962:1024]: <- 250-ENHANCEDSTATUSCODES.
2006.01.19 12:38:51 LOG7[24962:1024]: <- 250-PIPELINING.
2006.01.19 12:38:51 LOG7[24962:1024]: <- 250-8BITMIME.
2006.01.19 12:38:51 LOG7[24962:1024]: <- 250-SIZE 10000000.
2006.01.19 12:38:51 LOG7[24962:1024]: <- 250-STARTTLS.
2006.01.19 12:38:51 LOG7[24962:1024]: <- 250-DELIVERBY.
2006.01.19 12:38:51 LOG7[24962:1024]: <- 250 HELP.
2006.01.19 12:38:51 LOG7[24962:1024]: -> STARTTLS..
2006.01.19 12:38:52 LOG7[24962:1024]: <- 220 2.0.0 Ready to start TLS.
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect):
before/connect initialization
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 write
client hello A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 read
server hello A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 read
server certificate A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 read
server key exchange A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 read
server certificate request A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 read
server done A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL alert (write): warning: no
certificate
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 write
client certificate A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 write
client key exchange A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 write
change cipher spec A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 write
finished A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 flush
data
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 read
finished A
2006.01.19 12:38:52 LOG7[24962:1024]: 1 items in the session cache
2006.01.19 12:38:52 LOG7[24962:1024]: 1 client connects
(SSL_connect())
2006.01.19 12:38:52 LOG7[24962:1024]: 1 client connects that finished
2006.01.19 12:38:52 LOG7[24962:1024]: 0 client renegotiatations
requested
2006.01.19 12:38:52 LOG7[24962:1024]: 0 server connects
(SSL_accept())
2006.01.19 12:38:52 LOG7[24962:1024]: 0 server connects that finished
2006.01.19 12:38:52 LOG7[24962:1024]: 0 server renegotiatiations
requested
2006.01.19 12:38:52 LOG7[24962:1024]: 0 session cache hits
2006.01.19 12:38:52 LOG7[24962:1024]: 0 session cache misses
2006.01.19 12:38:52 LOG7[24962:1024]: 0 session cache timeouts
2006.01.19 12:38:52 LOG6[24962:1024]: Negotiated ciphers:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
quit
221 2.0.0 ukhwmg01.bea.com closing connection
2006.01.19 12:38:58 LOG7[24962:1024]: SSL alert (read): warning: close
notify
2006.01.19 12:38:58 LOG7[24962:1024]: SSL closed on SSL_read
2006.01.19 12:38:58 LOG7[24962:1024]: SSL alert (write): warning: close
notify
2006.01.19 12:38:58 LOG7[24962:1024]: SSL write shutdown (output buffer
empty)
2006.01.19 12:38:58 LOG7[24962:1024]: Socket write shutdown (output
buffer empty)
2006.01.19 12:38:58 LOG5[24962:1024]: Connection closed: 5 bytes sent to
SSL, 47 bytes sent to socket
2006.01.19 12:38:58 LOG7[24962:1024]: ukhwmg01.bea.com.25 finished (0
left)
If you look, in the middle there is a warning (no certificate), and when
doing the quit different things come out....
Dunno... any comments? Does anyone know how to make damn qmail less
picky? :-D (migrating to postfix is NOT an option).
Regards,
Ender
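Added example, not part of the original post: a small Python script that pulls the SSL state and alert events out of two stunnel -D 7 traces like the ones above, rejoins the records the mail client wrapped, and lists what appears only in the second trace. The function names and the abridged sample strings are assumptions made for this illustration.

```python
import re

# A stunnel debug record starts "YYYY.MM.DD HH:MM:SS LOGn[pid:tid]: ".
RECORD = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[\d+:\d+\]: (.*)")
EVENT = re.compile(r"^SSL (state|alert) \((\w+)\): (.*)")

def handshake_events(log_text):
    """SSL state/alert events of one trace, with mail-wrapped lines rejoined."""
    records = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append(m.group(1).strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()  # tail of a hard-wrapped record
    events = []
    for m in filter(None, map(EVENT.match, records)):
        kind, direction, detail = m.groups()
        events.append(detail if kind == "state" else f"alert({direction}): {detail}")
    return events

def only_in_second(baseline, other):
    """Events seen in `other` but never in `baseline`, in trace order."""
    seen = set(baseline)
    return [e for e in other if e not in seen]

# Abridged from the two traces in the post, wrapping preserved.
IRONTEC = """\
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 read
server done A
2006.01.19 12:37:48 LOG7[24825:1024]: SSL state (connect): SSLv3 read
finished A
"""
BEA = """\
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 read
server certificate request A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 read
server done A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL alert (write): warning: no
certificate
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 write
client certificate A
2006.01.19 12:38:52 LOG7[24962:1024]: SSL state (connect): SSLv3 read
finished A
"""

if __name__ == "__main__":
    for event in only_in_second(handshake_events(IRONTEC), handshake_events(BEA)):
        print(event)
```

Lines typed into or echoed by the session (such as quit) are also glued onto the preceding record; in these traces they never follow an SSL state or alert record, so the extracted events are unaffected.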