On 2009-06-19 at 16:00 +0200, Heiko Schlittermann wrote:
> 14450 LOG: MAIN
> 14450 TLS error on connection from p54b3640b.dip.t-dialin.net (hopperxp) [84.179.100.11] (SSL_accept): error:00000000:lib(0):func(0):reason(0)

I've a vague recollection that this means there wasn't an SSL problem,
the connection just went away with a clean SSL shutdown; I'm not more
than 60% sure of this though.

I suspect that the client is just ending when it's asked for a client
cert.

> * Now the client seems to start a new session, probably w/o TLS, but this fails
> * on some sync issue:

Yes, the client doesn't speak SMTP well enough to even wait for a
banner. In a lockstep protocol, that doesn't happen with clients
following protocol -- normally it's a sign of malware but it might also
be someone trying to "game" performance figures by not waiting around at
start-up. So you're left picking up the pieces.

You can work around this either with smtp_enforce_sync in the main
config or in an ACL with "control = no_enforce_sync".

-Phil
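
The pre-greeting synchronization check discussed in the message above, as an added example that is not part of the original post and is not Exim's code. The greet() function, its enforce_sync parameter, the hostname mx.example.test, the reply texts and the sample client input are all assumptions constructed for illustration.

```python
import select
import socket


def greet(conn, hostname="mx.example.test", wait=0.2, enforce_sync=True):
    """Apply a lockstep check before sending the SMTP banner.

    Returns (outcome, early_bytes) where outcome is "greeted", "rejected"
    or "closed". early_bytes is whatever the peer sent before the banner.
    """
    # A client that follows the protocol sends nothing until it has read 220.
    readable, _, _ = select.select([conn], [], [], wait)
    # MSG_PEEK leaves the bytes queued so a later command loop still sees them.
    early = conn.recv(512, socket.MSG_PEEK) if readable else b""
    if readable and not early:
        return ("closed", b"")  # peer hung up before the banner
    if early and enforce_sync:
        # Constructed reply text; a real MTA's wording may differ.
        conn.sendall(b"554 synchronization error\r\n")
        return ("rejected", early)
    conn.sendall(f"220 {hostname} ESMTP\r\n".encode())
    return ("greeted", early)


def demo():
    """Run three constructed clients through greet() over local socket pairs."""
    cases = [
        ("polite", b"", True),                           # waits for the banner
        ("early", b"EHLO hopperxp\r\n", True),           # talks first, enforced
        ("early_tolerated", b"EHLO hopperxp\r\n", False),  # talks first, not enforced
    ]
    results = {}
    for name, early_input, enforce in cases:
        server, client = socket.socketpair()
        if early_input:
            client.sendall(early_input)
        outcome = greet(server, wait=0.05, enforce_sync=enforce)
        results[name] = (outcome, client.recv(512))
        server.close()
        client.close()
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```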