- edited description
O365 Journal emails not being delivered to Piler
We were alerted yesterday that our outbound connector on O365 queue was very high (25k+). Doing some research its been happening for a while. I renamed the smtp.acl and the issue persists. Internal email seems to land fine in piler.
here are some maillog entries
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: connected from 104.47.60.51:9003 on fd=7 (active connections: 2)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.51 on fd=6 (1 active connections)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: connected from 104.47.61.54:32416 on fd=6 (active connections: 2)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=7: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=7: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: connected from 104.47.61.54:37914 on fd=8 (active connections: 3)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=8: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=8: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=7: *STARTTLS#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=7: 220 Ready to start TLS
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=8: *STARTTLS#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=8: 220 Ready to start TLS
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.54 on fd=6 (2 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.51 on fd=7 (1 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.54 on fd=8 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.54:6131 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.54 on fd=6 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.58:14148 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.58 on fd=6 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.52:34303 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.53:12672 on fd=7 (active connections: 2)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.61.50:6508 on fd=8 (active connections: 3)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=8: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=8: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=8: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=8: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.50 on fd=8 (2 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.52 on fd=6 (1 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.53 on fd=7 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.61.51:37760 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.61.53:65472 on fd=7 (active connections: 2)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.51 on fd=6 (1 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.53 on fd=7 (0 active connections)
I tried replacing piler.pem with our wildcard cert but the issue persists.
Piler version is:
/usr/local/sbin/piler-smtp -v
1.3.10 build 998
Here are some ngrep entries *replaced our domain name with domain.com
#
T 104.47.61.54:64814 -> 10.2.4.112:25 [AF] #499
..
##
T 104.47.60.50:46947 -> 10.2.4.112:25 [A] #501
..
#
T 104.47.60.50:46947 -> 10.2.4.112:25 [AF] #502
..
##
T 104.47.60.51:6286 -> 10.2.4.112:25 [AP] #504
...........`..Y....C]c..[..k...e..T.A..bH....$.0./.(.'.,.+.$.#.............=.<.5./...T.........archive.domain.com.........................................#...
........
#
T 10.2.4.112:25 -> 104.47.60.51:6286 [AP] #505
....5...1..)m...)<.%d...w.....3...$..1....2..5.........#.................0..}0..e........C&.d....I.n.U..0...*.H........0^1.0...U....US1.0...U....DigiCert Inc1.0..
.U....www.digicert.com1.0...U....GeoTrust RSA CA 20180...210616000000Z..220624235959Z0k1.0...U....CA1.0...U....Manitoba1.0...U....Winnipeg1.0...U....BA Robinson C
O LTD1.0...U....*.domain.com0.."0...*.H.............0...........vY.:.&..;.!.Q.}..*......N...UjFl.z..Q.QH.|..:.@.Hy.f....Rv.!@...{d....(......ds.Co....X.....d.
....w..x.T..0....7...@........H.q>......(.8.....Z.".......3......n..6.T<n..@.\....ZA}..WA.....M.{kU%.Z........*.Q..7..D%..).v.sXR....7..i.5\..6....xC:...8.y......
.....(0..$0...U.#..0....X...u.QTw....C.8.l.0...U......w.A....2...e..x1.Cv.0+..U...$0"..*.domain.com..domain.com0...U...........0...U.%..0...+.........+...
....0>..U...70503.1./.-http://cdp.geotrust.com/GeoTrustRSACA2018.crl0>..U. .70503..g.....0)0'..+.........http://www.digicert.com/CPS0u..+........i0g0&..+.....0...
http://status.geotrust.com0=..+.....0..1http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0...U.......0.0.....+.....y......o...k.i.v.)y...99!.Vs.c.w..W}.`...M]&\%]
.....z.PI......G0E. &c.#9.09.......x8X..)fEr.^.......!....w6Z....c....n..+.1.aY[......p.v."EE.YU$V.?./..m..#&c..K.]..\n......z.PI......G0E.!..3..4n6.).&.....E.[.*
.l..jc.}.... 1%.vy.E.D).Z./....h.d..j.qql\....w.A...."FJ...:.B.^N1.....K.h..b......z.PI......H0F.!....9tG8f.....o......A.....>..ub<.!....B.6.....y.j...).>.f....&.
t#A30...*.H..............#.+W..Q.......]R1yQj.T8R;...VH{ ..O......Qj.....v..d..........J8Hs.#.FS..'O,Qz..Z..@s......}....ye......m....S......+..:.+. ...Id_csN..K;
...X.....K~.......l....Vb.%....T.y!....Zfr.~....._y/.P.;...6..K.\.{...6.k..n).dP......X..c..m..bq.0.,....tD%.E.AbXR............
#
T 104.47.61.54:64814 -> 10.2.4.112:25 [A] #506
..
#
T 104.47.60.50:46947 -> 10.2.4.112:25 [A] #507
..
#
T 104.47.60.51:6286 -> 10.2.4.112:25 [A] #508
..
#
T 104.47.60.51:6286 -> 10.2.4.112:25 [AF] #509
..
####
T 104.47.60.51:6286 -> 10.2.4.112:25 [A] #513
..
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [A] #514
..
#
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #515
220 archive.domain.com ESMTP..
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AP] #516
EHLO CAN01-QB1-obe.outbound.protection.outlook.com..
##
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #518
250-archive.domain.com..250-PIPELINING..250-STARTTLS..250-SIZE..250 8BITMIME..
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AP] #519
STARTTLS..
#
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #520
220 Ready to start TLS..
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AP] #521
...........`..Y)...;sM.`...g......i[..Ew..N..$.0./.(.'.,.+.$.#.............=.<.5./...T.........archive.domain.com.........................................#...
........
#
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #522
....5...1......V.Y.Sv.J.A...<.f...:..u.8.*...5.........#.................0..}0..e........C&.d....I.n.U..0...*.H........0^1.0...U....US1.0...U....DigiCert Inc1.0..
.U....www.digicert.com1.0...U....GeoTrust RSA CA 20180...210616000000Z..220624235959Z0k1.0...U....CA1.0...U....Manitoba1.0...U....Winnipeg1.0...U....BA Robinson C
O LTD1.0...U....*.domain.com0.."0...*.H.............0...........vY.:.&..;.!.Q.}..*......N...UjFl.z..Q.QH.|..:.@.Hy.f....Rv.!@...{d....(......ds.Co....X.....d.
....w..x.T..0....7...@........H.q>......(.8.....Z.".......3......n..6.T<n..@.\....ZA}..WA.....M.{kU%.Z........*.Q..7..D%..).v.sXR....7..i.5\..6....xC:...8.y......
.....(0..$0...U.#..0....X...u.QTw....C.8.l.0...U......w.A....2...e..x1.Cv.0+..U...$0"..*.domain.com..domain.com0...U...........0...U.%..0...+.........+...
....0>..U...70503.1./.-http://cdp.geotrust.com/GeoTrustRSACA2018.crl0>..U. .70503..g.....0)0'..+.........http://www.digicert.com/CPS0u..+........i0g0&..+.....0...
http://status.geotrust.com0=..+.....0..1http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0...U.......0.0.....+.....y......o...k.i.v.)y...99!.Vs.c.w..W}.`...M]&\%]
.....z.PI......G0E. &c.#9.09.......x8X..)fEr.^.......!....w6Z....c....n..+.1.aY[......p.v."EE.YU$V.?./..m..#&c..K.]..\n......z.PI......G0E.!..3..4n6.).&.....E.[.*
.l..jc.}.... 1%.vy.E.D).Z./....h.d..j.qql\....w.A...."FJ...:.B.^N1.....K.h..b......z.PI......H0F.!....9tG8f.....o......A.....>..ub<.!....B.6.....y.j...).>.f....&.
t#A30...*.H..............#.+W..Q.......]R1yQj.T8R;...VH{ ..O......Qj.....v..d..........J8Hs.#.FS..'O,Qz..Z..@s......}....ye......m....S......+..:.+. ...Id_csN..K;
...X.....K~.......l....Vb.%....T.y!....Zfr.~....._y/.P.;...6..K.\.{...6.k..n).dP......X..c..m..bq.0.,....tD%.E.AbXR............
###
T 104.47.60.51:57344 -> 10.2.4.112:25 [A] #525
..
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AF] #526
..
##
T 104.47.60.51:31424 -> 10.2.4.112:25 [A] #528
..
#
T 10.2.4.112:25 -> 104.47.60.51:31424 [AP] #529
220 archive.domain.com ESMTP..
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [A] #530
..
###
T 104.47.60.51:31424 -> 10.2.4.112:25 [AP] #533
EHLO CAN01-QB1-obe.outbound.protection.outlook.com..
##
T 10.2.4.112:25 -> 104.47.60.51:31424 [AP] #535
250-archive.domain.com..250-PIPELINING..250-STARTTLS..250-SIZE..250 8BITMIME..
#
T 104.47.60.56:35161 -> 10.2.4.112:25 [A] #536
..
#
T 10.2.4.112:25 -> 104.47.60.56:35161 [AP] #537
220 archive.domain.com ESMTP..
Looks for suggestion on next step(s)
Comments (18)
-
reporter -
reporter I managed to find a work around.
I disabled the Security restriction to always use TLS on the connector in O365.
I was then able to send then able to validate the connector successfully which I wasn’t able to do before.
I looks like it’s still using TLS when connecting to Piler.
-
repo owner Assuming that tls for smtp worked before, probably o365 has changed something. Anyway, try the following. Get the latest master branch, compile it, then upgrade the piler-smtp binary only. It supports a tls minimum version, be sure to set it to 1.2 (or perhaps 1.3). See https://bitbucket.org/jsuto/piler/src/aab7b712d20c8885f66a17feb0a5aa4f9056d839/etc/example.conf#lines-114
-
reporter [root@wdc-piler1 jsuto-piler-aab7b712d20c]# gmake
Making all in src
make[1]: Entering directory `/root/jsuto-piler-aab7b712d20c/src'
gcc -std=c99 -O2 -fPIC -Wall -Wextra -Wuninitialized -Wno-format-truncation -g -I. -I.. -I/usr/include/mysql -D_GNU_SOURCE -DHAVE_TRE -DNEED_MYSQL -c cfg.c -o cfg.o
cfg.c: In function ‘get_tls_protocol_number’:
cfg.c:155:20: error: ‘TLS1_3_VERSION’ undeclared (first use in this function)
{ "TLSv1.3", TLS1_3_VERSION },
^
cfg.c:155:20: note: each undeclared identifier is reported only once for each function it appears in
cfg.c:155:7: warning: missing initializer for field ‘version’ of ‘struct tls_protocol’ [-Wmissing-field-initializers]
{ "TLSv1.3", TLS1_3_VERSION },
^
In file included from misc.h:13:0,
from cfg.c:10:
defs.h:419:8: note: ‘version’ declared here
int version;
^
cfg.c: At top level:
cc1: warning: unrecognized command line option "-Wno-format-truncation" [enabled by default]
make[1]: *** [cfg.o] Error 1
make[1]: Leaving directory `/root/jsuto-piler-aab7b712d20c/src'
gmake: *** [all-recursive] Error 1
-
repo owner Which linux distro and version, what version of openssl?
Also try removing the 155th line from cfg.c
-
reporter [root@wdc-piler1 jsuto-piler-aab7b712d20c]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@wdc-piler1 jsuto-piler-aab7b712d20c]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
Looks like this is available
Updating:
openssl x86_64 1:1.0.2k-21.el7_9 updates 493 k
Updating for dependencies:
openssl-devel x86_64 1:1.0.2k-21.el7_9 updates 1.5 M
openssl-libs x86_64 1:1.0.2k-21.el7_9 updates 1.2 M
-
repo owner Any update?
-
reporter gcc -shared -Wl,-soname,libpiler.so.0.1.1 -o libpiler.so.0.1.1 dirs.o misc.o counters.o cfg.o sig.o decoder.o hash.o parser.o parser_utils.o rules.o smtp.o session.o bdat.o message.o attachment.o digest.o store.o archive.o tai.o import.o import_pilerexport.o import_maildir.o import_mailbox.o import_pop3.o import_imap.o imap.o pop3.o extract.o mydomains.o tokenizer.o screen.o mysql.o
ln -sf libpiler.so.0.1.1 libpiler.so
ln -sf libpiler.so.0.1.1 libpiler.so.0
gcc -std=c99 -O2 -fPIC -Wall -Wextra -Wuninitialized -Wno-format-truncation -g -I. -I.. -I/usr/include/mysql -D_GNU_SOURCE -DHAVE_TRE -DNEED_MYSQL -o piler piler.c -lpiler -lz -lm -ldl -lcrypto -lssl -ltre -lzip -L/usr/lib64/mysql -lmysqlclient -lpthread -lz -lm -ldl -lssl -lcrypto -L.
./libpiler.so: undefined reference to `SSL_CTX_set_min_proto_version'
collect2: error: ld returned 1 exit status
make[1]: *** [piler] Error 1
make[1]: Leaving directory `/root/jsuto-piler-aab7b712d20c/src'
gmake: *** [all-recursive] Error 1
-
reporter This is jsuto-piler-aab7b712d20c that I pulled from last week.
-
repo owner centos7 supports an ancient version of openssl. Anyway, try this commit: https://bitbucket.org/jsuto/piler/commits/817df3c1723f5f6638bcca517a7c5d6d82966c68
-
reporter I applied that commit. I also set tls_min_version=TLSv1.2 in piler.conf
When I enable TLS on O365 and validate the new connector I get the following in the detailed log on O365
450 4.4.317 Cannot connect to remote server [Message=451 4.4.0 Security status AlgorithmMismatch] [LastAttemptedServerName=<REDACTED>.<REDACTED>.com] [LastAttemptedIP=<REDDACTED>:25] [<REDDACTED>.eop-CAN01.prod.protection.outlook.com]
-
repo owner Try fixing the 175th line in smtp.c to the following, then recompile, and update piler-smtp binary.
SSL_CTX_set_options(session->net.ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
-
reporter Issue persists
450 4.4.317 Cannot connect to remote server [Message=451 4.4.0 Security status AlgorithmMismatch]
-
repo owner Odd. Please contact o365 support and dig deeper what this issue means. My bet is that openssl 1.0.2 in centos7 doesn’t support the protocols o365 requires.
-
reporter Could I compile lastest or more modern openssl into /usr/local/ and have piler use that?
-
repo owner I think so, and use some compiler / configure settings to use it instead of the default in /usr
-
repo owner Is there any update from o365? Or did you manage to solve it by compiling using a more recent version of openssl?
-
repo owner - changed status to closed
Let me know if there's an update on the matter.
- Log in to comment