O365 Journal emails not being delivered to Piler

Issue #1188 closed
Karl Rossing created an issue

We were alerted yesterday that our outbound connector on O365 queue was very high (25k+). Doing some research its been happening for a while. I renamed the smtp.acl and the issue persists. Internal email seems to land fine in piler.

here are some maillog entries

Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: connected from 104.47.60.51:9003 on fd=7 (active connections: 2)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.51 on fd=6 (1 active connections)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: connected from 104.47.61.54:32416 on fd=6 (active connections: 2)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=7: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=7: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: connected from 104.47.61.54:37914 on fd=8 (active connections: 3)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=8: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=8: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=7: *STARTTLS#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=7: 220 Ready to start TLS
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: got on fd=8: *STARTTLS#015#012*
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: sent on fd=8: 220 Ready to start TLS
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:19 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.54 on fd=6 (2 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.51 on fd=7 (1 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.54 on fd=8 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.54:6131 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.54 on fd=6 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.58:14148 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.58 on fd=6 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.52:34303 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.60.53:12672 on fd=7 (active connections: 2)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.61.50:6508 on fd=8 (active connections: 3)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *EHLO CAN01-QB1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=8: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=8: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=8: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=8: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.50 on fd=8 (2 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.52 on fd=6 (1 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.60.53 on fd=7 (0 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.61.51:37760 on fd=6 (active connections: 1)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=6: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=6: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: connected from 104.47.61.53:65472 on fd=7 (active connections: 2)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *EHLO CAN01-TO1-obe.outbound.protection.outlook.com#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 250-archive.domain.com#015#012250-PIPELINING#015#012250-STARTTLS#015#012250-SIZE#015#012250 8BITMIME
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.51 on fd=6 (1 active connections)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: got on fd=7: *STARTTLS#015#012*
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: starttls request from client
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: sent on fd=7: 220 Ready to start TLS
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: waiting for ssl handshake
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: SSL_accept() result, rc=-1, errorcode: 2, error text: error:00000000:lib(0):func(0):reason(0)
Jun 23 15:49:20 wdc-piler1 piler-smtp[996]: disconnected from 104.47.61.53 on fd=7 (0 active connections)

I tried replacing piler.pem with our wildcard cert but the issue persists.

Piler version is:

/usr/local/sbin/piler-smtp -v
1.3.10 build 998

Here are some ngrep entries *replaced our domain name with domain.com

#
T 104.47.61.54:64814 -> 10.2.4.112:25 [AF] #499
  ..                                                                                                                                                                
##
T 104.47.60.50:46947 -> 10.2.4.112:25 [A] #501
  ..                                                                                                                                                                
#
T 104.47.60.50:46947 -> 10.2.4.112:25 [AF] #502
  ..                                                                                                                                                                
##
T 104.47.60.51:6286 -> 10.2.4.112:25 [AP] #504
  ...........`..Y....C]c..[..k...e..T.A..bH....$.0./.(.'.,.+.$.#.............=.<.5./...T.........archive.domain.com.........................................#...
  ........                                                                                                                                                          
#
T 10.2.4.112:25 -> 104.47.60.51:6286 [AP] #505
  ....5...1..)m...)<.%d...w.....3...$..1....2..5.........#.................0..}0..e........C&.d....I.n.U..0...*.H........0^1.0...U....US1.0...U....DigiCert Inc1.0..
  .U....www.digicert.com1.0...U....GeoTrust RSA CA 20180...210616000000Z..220624235959Z0k1.0...U....CA1.0...U....Manitoba1.0...U....Winnipeg1.0...U....BA Robinson C
  O LTD1.0...U....*.domain.com0.."0...*.H.............0...........vY.:.&..;.!.Q.}..*......N...UjFl.z..Q.QH.|..:.@.Hy.f....Rv.!@...{d....(......ds.Co....X.....d.
  ....w..x.T..0....7...@........H.q>......(.8.....Z.".......3......n..6.T<n..@.\....ZA}..WA.....M.{kU%.Z........*.Q..7..D%..).v.sXR....7..i.5\..6....xC:...8.y......
  .....(0..$0...U.#..0....X...u.QTw....C.8.l.0...U......w.A....2...e..x1.Cv.0+..U...$0"..*.domain.com..domain.com0...U...........0...U.%..0...+.........+...
  ....0>..U...70503.1./.-http://cdp.geotrust.com/GeoTrustRSACA2018.crl0>..U. .70503..g.....0)0'..+.........http://www.digicert.com/CPS0u..+........i0g0&..+.....0...
  http://status.geotrust.com0=..+.....0..1http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0...U.......0.0.....+.....y......o...k.i.v.)y...99!.Vs.c.w..W}.`...M]&\%]
  .....z.PI......G0E. &c.#9.09.......x8X..)fEr.^.......!....w6Z....c....n..+.1.aY[......p.v."EE.YU$V.?./..m..#&c..K.]..\n......z.PI......G0E.!..3..4n6.).&.....E.[.*
  .l..jc.}.... 1%.vy.E.D).Z./....h.d..j.qql\....w.A...."FJ...:.B.^N1.....K.h..b......z.PI......H0F.!....9tG8f.....o......A.....>..ub<.!....B.6.....y.j...).>.f....&.
  t#A30...*.H..............#.+W..Q.......]R1yQj.T8R;...VH{ ..O......Qj.....v..d..........J8Hs.#.FS..'O,Qz..Z..@s......}....ye......m....S......+..:.+. ...Id_csN..K;
  ...X.....K~.......l....Vb.%....T.y!....Zfr.~....._y/.P.;...6..K.\.{...6.k..n).dP......X..c..m..bq.0.,....tD%.E.AbXR............                                   
#
T 104.47.61.54:64814 -> 10.2.4.112:25 [A] #506
  ..                                                                                                                                                                
#
T 104.47.60.50:46947 -> 10.2.4.112:25 [A] #507
  ..                                                                                                                                                                
#
T 104.47.60.51:6286 -> 10.2.4.112:25 [A] #508
  ..                                                                                                                                                                
#
T 104.47.60.51:6286 -> 10.2.4.112:25 [AF] #509
  ..                                                                                                                                                                
####
T 104.47.60.51:6286 -> 10.2.4.112:25 [A] #513
  ..                                                                                                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [A] #514
  ..                                                                                                                                                                
#
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #515
  220 archive.domain.com ESMTP..                                                                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AP] #516
  EHLO CAN01-QB1-obe.outbound.protection.outlook.com..                                                                                                              
##
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #518
  250-archive.domain.com..250-PIPELINING..250-STARTTLS..250-SIZE..250 8BITMIME..                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AP] #519
  STARTTLS..                                                                                                                                                        
#
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #520
  220 Ready to start TLS..                                                                                                                                          
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AP] #521
  ...........`..Y)...;sM.`...g......i[..Ew..N..$.0./.(.'.,.+.$.#.............=.<.5./...T.........archive.domain.com.........................................#...
  ........                                                                                                                                                          
#
T 10.2.4.112:25 -> 104.47.60.51:57344 [AP] #522
  ....5...1......V.Y.Sv.J.A...<.f...:..u.8.*...5.........#.................0..}0..e........C&.d....I.n.U..0...*.H........0^1.0...U....US1.0...U....DigiCert Inc1.0..
  .U....www.digicert.com1.0...U....GeoTrust RSA CA 20180...210616000000Z..220624235959Z0k1.0...U....CA1.0...U....Manitoba1.0...U....Winnipeg1.0...U....BA Robinson C
  O LTD1.0...U....*.domain.com0.."0...*.H.............0...........vY.:.&..;.!.Q.}..*......N...UjFl.z..Q.QH.|..:.@.Hy.f....Rv.!@...{d....(......ds.Co....X.....d.
  ....w..x.T..0....7...@........H.q>......(.8.....Z.".......3......n..6.T<n..@.\....ZA}..WA.....M.{kU%.Z........*.Q..7..D%..).v.sXR....7..i.5\..6....xC:...8.y......
  .....(0..$0...U.#..0....X...u.QTw....C.8.l.0...U......w.A....2...e..x1.Cv.0+..U...$0"..*.domain.com..domain.com0...U...........0...U.%..0...+.........+...
  ....0>..U...70503.1./.-http://cdp.geotrust.com/GeoTrustRSACA2018.crl0>..U. .70503..g.....0)0'..+.........http://www.digicert.com/CPS0u..+........i0g0&..+.....0...
  http://status.geotrust.com0=..+.....0..1http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0...U.......0.0.....+.....y......o...k.i.v.)y...99!.Vs.c.w..W}.`...M]&\%]
  .....z.PI......G0E. &c.#9.09.......x8X..)fEr.^.......!....w6Z....c....n..+.1.aY[......p.v."EE.YU$V.?./..m..#&c..K.]..\n......z.PI......G0E.!..3..4n6.).&.....E.[.*
  .l..jc.}.... 1%.vy.E.D).Z./....h.d..j.qql\....w.A...."FJ...:.B.^N1.....K.h..b......z.PI......H0F.!....9tG8f.....o......A.....>..ub<.!....B.6.....y.j...).>.f....&.
  t#A30...*.H..............#.+W..Q.......]R1yQj.T8R;...VH{ ..O......Qj.....v..d..........J8Hs.#.FS..'O,Qz..Z..@s......}....ye......m....S......+..:.+. ...Id_csN..K;
  ...X.....K~.......l....Vb.%....T.y!....Zfr.~....._y/.P.;...6..K.\.{...6.k..n).dP......X..c..m..bq.0.,....tD%.E.AbXR............                                   
###
T 104.47.60.51:57344 -> 10.2.4.112:25 [A] #525
  ..                                                                                                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [AF] #526
  ..                                                                                                                                                                
##
T 104.47.60.51:31424 -> 10.2.4.112:25 [A] #528
  ..                                                                                                                                                                
#
T 10.2.4.112:25 -> 104.47.60.51:31424 [AP] #529
  220 archive.domain.com ESMTP..                                                                                                                                
#
T 104.47.60.51:57344 -> 10.2.4.112:25 [A] #530
  ..                                                                                                                                                                
###
T 104.47.60.51:31424 -> 10.2.4.112:25 [AP] #533
  EHLO CAN01-QB1-obe.outbound.protection.outlook.com..                                                                                                              
##
T 10.2.4.112:25 -> 104.47.60.51:31424 [AP] #535
  250-archive.domain.com..250-PIPELINING..250-STARTTLS..250-SIZE..250 8BITMIME..                                                                                
#
T 104.47.60.56:35161 -> 10.2.4.112:25 [A] #536
  ..                                                                                                                                                                
#
T 10.2.4.112:25 -> 104.47.60.56:35161 [AP] #537
  220 archive.domain.com ESMTP..  

Looks for suggestion on next step(s)

Comments (18)

  1. Karl Rossing reporter

    I managed to find a work around.

    I disabled the Security restriction to always use TLS on the connector in O365.

    I was then able to send then able to validate the connector successfully which I wasn’t able to do before.

    I looks like it’s still using TLS when connecting to Piler.

  2. Karl Rossing reporter

    [root@wdc-piler1 jsuto-piler-aab7b712d20c]# gmake

    Making all in src

    make[1]: Entering directory `/root/jsuto-piler-aab7b712d20c/src'

    gcc -std=c99 -O2 -fPIC -Wall -Wextra  -Wuninitialized -Wno-format-truncation -g  -I. -I..  -I/usr/include/mysql -D_GNU_SOURCE -DHAVE_TRE -DNEED_MYSQL -c cfg.c -o cfg.o

    cfg.c: In function ‘get_tls_protocol_number’:

    cfg.c:155:20: error:TLS1_3_VERSION’ undeclared (first use in this function)

    { "TLSv1.3", TLS1_3_VERSION },

    ^

    cfg.c:155:20: note: each undeclared identifier is reported only once for each function it appears in

    cfg.c:155:7: warning: missing initializer for field ‘version’ of ‘struct tls_protocol’ [-Wmissing-field-initializers]

    { "TLSv1.3", TLS1_3_VERSION },

    ^

    In file included from misc.h:13:0,

    from cfg.c:10:

    defs.h:419:8: note:version’ declared here

    int version;

    ^

    cfg.c: At top level:

    cc1: warning: unrecognized command line option "-Wno-format-truncation" [enabled by default]

    make[1]: *** [cfg.o] Error 1

    make[1]: Leaving directory `/root/jsuto-piler-aab7b712d20c/src'

    gmake: *** [all-recursive] Error 1

  3. Janos SUTO repo owner

    Which linux distro and version, what version of openssl?

    Also try removing the 155th line from cfg.c

  4. Karl Rossing reporter

    [root@wdc-piler1 jsuto-piler-aab7b712d20c]# cat /etc/redhat-release 

    CentOS Linux release 7.9.2009 (Core)

    [root@wdc-piler1 jsuto-piler-aab7b712d20c]# openssl version

    OpenSSL 1.0.2k-fips  26 Jan 2017

    Looks like this is available

    Updating:

    openssl                                 x86_64                           1:1.0.2k-21.el7_9                           updates                           493 k

    Updating for dependencies:

    openssl-devel                           x86_64                           1:1.0.2k-21.el7_9                           updates                           1.5 M

    openssl-libs                            x86_64                           1:1.0.2k-21.el7_9                           updates                           1.2 M

  5. Karl Rossing reporter

    gcc -shared -Wl,-soname,libpiler.so.0.1.1 -o libpiler.so.0.1.1 dirs.o misc.o counters.o cfg.o sig.o decoder.o hash.o parser.o parser_utils.o rules.o smtp.o session.o bdat.o message.o attachment.o digest.o store.o archive.o tai.o import.o import_pilerexport.o import_maildir.o import_mailbox.o import_pop3.o import_imap.o imap.o pop3.o extract.o mydomains.o tokenizer.o screen.o  mysql.o

    ln -sf libpiler.so.0.1.1 libpiler.so

    ln -sf libpiler.so.0.1.1 libpiler.so.0

    gcc -std=c99 -O2 -fPIC -Wall -Wextra  -Wuninitialized -Wno-format-truncation -g  -I. -I..  -I/usr/include/mysql -D_GNU_SOURCE -DHAVE_TRE -DNEED_MYSQL -o piler piler.c -lpiler -lz -lm -ldl -lcrypto -lssl -ltre -lzip   -L/usr/lib64/mysql -lmysqlclient -lpthread -lz -lm -ldl -lssl -lcrypto -L.    

    ./libpiler.so: undefined reference to `SSL_CTX_set_min_proto_version'

    collect2: error: ld returned 1 exit status

    make[1]: *** [piler] Error 1

    make[1]: Leaving directory `/root/jsuto-piler-aab7b712d20c/src'

    gmake: *** [all-recursive] Error 1

  6. Janos SUTO repo owner

    Try fixing the 175th line in smtp.c to the following, then recompile, and update piler-smtp binary.

    SSL_CTX_set_options(session->net.ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);

  7. Karl Rossing reporter

    Issue persists

    450 4.4.317 Cannot connect to remote server [Message=451 4.4.0 Security status AlgorithmMismatch]

  8. Janos SUTO repo owner

    Odd. Please contact o365 support and dig deeper what this issue means. My bet is that openssl 1.0.2 in centos7 doesn’t support the protocols o365 requires.

  9. Karl Rossing reporter

    Could I compile lastest or more modern openssl into /usr/local/ and have piler use that?

  10. Janos SUTO repo owner

    I think so, and use some compiler / configure settings to use it instead of the default in /usr

  11. Janos SUTO repo owner

    Is there any update from o365? Or did you manage to solve it by compiling using a more recent version of openssl?

  12. Log in to comment