When using /usr/bin/recordio under QMAIL_PRE_SMTPD, SSL connections cannot be made to qmail-smtpd.
Using qmail-1.03-r15. I was attempting to use a combination of recordio and multilog filter commands, to implement error response logging. I was successful in doing so. However, I discovered that any attempted SSL connection dropped. Evidently recordio terminated as the SSL connection began. The resulting log file showed the server's response :220 ready for tls, followed by a string of 8-bit characters from the client. Then nothing, except for the final [EOF] line. I suspect that recordio is dying when it starts to receive the 8-bit data, thus killing qmail-smtpd along with it.
Could you please trace what output exactly causes recordio to terminate? I suggest using ethereal or some packet capture tool.
Created attachment 25089: Capture of SMTP traffic during a failed session
This capture was done on the client side, using ethereal with the following filter string: "tcp port 25".
Created attachment 25090: Capture of SMTP traffic during failed TLS/Recordio session
Same as above, this time as a binary attachment.
Created attachment 25091: Server-side capture of failed session
Here is another failed session, as captured from the server side, using tethereal.
The following causes an error regarding TLS (note presence of recordio):

# Configuration file for qmail-smtpd
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-smtpd,v 1.2 2003/11/30 03:00:20 robbat2 Exp $

# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run before qmail-smtpd
QMAIL_SMTP_PRE="recordio"
# Stuff to after qmail-smtpd
#QMAIL_SMTP_POST=""

# this turns off the IDENT grab attempt on connecting
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

# You might want to use rblsmtpd with this, but you need to fill in a RBL server here first
# see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r RBL-SERVER"
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r dsn.rfc-ignorant.org -r sbl.spamhaus.org -r list.dsbl.org -r bl.spamcop.net"

Error from remote server attempting to deliver to gentoo qmail box:

2004-02-10 12:56:46.860111500 new msg 889176
2004-02-10 12:56:46.861980500 info msg 889176: bytes 302 from <root@mx1.uuplus.com> qp 8941 uid 0
2004-02-10 12:56:46.869226500 starting delivery 48788: msg 889176 to remote steven@trustworthy.net
2004-02-10 12:56:46.871254500 status: local 0/10 remote 1/20
2004-02-10 12:56:49.976509500 delivery 48788: deferral: TLS_not_available:_connect_failed:_error:00000000:lib(0):func(0):reason(0)/
2004-02-10 12:56:49.977614500 status: local 0/10 remote 0/20
[root@mx1 root]#

This condition goes away when 'recordio' is removed from the variable in conf-smtpd
steven: could you post a tcpdump on the remote side (trustworthy.net)? Also the smtpd logs around that timeframe.
Created attachment 33801: Maybe this patch I found somewhere on the net fixes the problem
I found a fix for this problem by Richard Lyons in a mailing list archive. Analysis as follows.

> > It looks as though the patched qmail-smtpd is trying to write to the input
> > descriptor. Correct me if I'm wrong, but isn't qmail-smtpd supposed to
> > read fd 0, and write on fd 1?
> In the TLS patch there will be a line like
>     SSL_set_fd(ssl,0);
> which connects the SSL engine to fd 0. This is not normally a
> problem because fd 0 inherited from tcpserver is both writeable
> and readable. However, recordio creates a new set of fds when it
> runs the child and fd 0 is read-only. The quick fix is to remove
> recordio from your run file, for a more permanent solution replace
> the above line with
>     SSL_set_rfd(ssl,0);
>     SSL_set_wfd(ssl,1);
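
The descriptor behaviour in the quoted analysis, as an added example that is not code from this thread or from the qmail TLS patch: it checks whether a read/write descriptor pair can carry a TLS session, comparing a single socket with separate pipes. The function names are hypothetical, and modelling recordio's descriptors as two pipe(2) pairs on Linux is an assumption.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Access mode of an open descriptor (O_RDONLY, O_WRONLY or O_RDWR), -1 on error. */
static int fd_access_mode(int fd) {
    int flags = fcntl(fd, F_GETFL);
    return flags < 0 ? -1 : (flags & O_ACCMODE);
}

/* 1 if rfd is open for reading and wfd for writing. SSL_set_fd(ssl, fd) is the
 * rfd == wfd case; SSL_set_rfd(ssl, 0) + SSL_set_wfd(ssl, 1) is the split case. */
int tls_fds_usable(int rfd, int wfd) {
    int r = fd_access_mode(rfd), w = fd_access_mode(wfd);
    if (r < 0 || w < 0) return 0;
    return (r == O_RDONLY || r == O_RDWR) && (w == O_WRONLY || w == O_RDWR);
}

/* Constructed tcpserver-like case: one connected socket used for both directions. */
int check_socket_single_fd(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    int ok = tls_fds_usable(sv[0], sv[0]);
    close(sv[0]); close(sv[1]);
    return ok;
}

/* Constructed recordio-like case (assumed to be two pipes): split == 0 uses the
 * input pipe for both directions, split == 1 reads one pipe and writes the other.
 * *werr receives the errno of a real write on the chosen write descriptor (0 = ok). */
int check_pipes(int split, int *werr) {
    int in[2], out[2];
    if (pipe(in) < 0) return -1;
    if (pipe(out) < 0) { close(in[0]); close(in[1]); return -1; }
    int wfd = split ? out[1] : in[0];
    int ok = tls_fds_usable(in[0], wfd);
    *werr = write(wfd, "220 ready for tls\r\n", 19) < 0 ? errno : 0;
    close(in[0]); close(in[1]); close(out[0]); close(out[1]);
    return ok;
}

int main(void) {
    int e0, e1;
    printf("socket, single fd: %d\n", check_socket_single_fd());
    printf("pipes, single fd:  %d\n", check_pipes(0, &e0));
    printf("pipes, split fds:  %d\n", check_pipes(1, &e1));
    printf("write errno: single=%d split=%d (EBADF=%d)\n", e0, e1, EBADF);
    return 0;
}
```

The same `fcntl(F_GETFL)` check can be run against descriptors 0 and 1 at daemon startup to log when a wrapper in the run file has replaced the socket with unidirectional descriptors.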
Created attachment 42047: Fix for starttls and recordio breakage.
Fixed in qmail-1.03-r16. Could you test it, please?
Patch applies and works OK.
Thanks for testing, closing this bug.