On 6/17/2020 6:37 PM, Wietse Venema wrote:
> If you could share some logging or other symptoms that would speed
> up the resolution.
>
> Wietse

This happens with tafile option in tls policy map or smtp_tls_trust_anchor_file set in main.cf and smtp_tls_connection_reuse = yes

2020-06-18T09:20:41.644109+02:00 servername postfix/tlsproxy[122987]: CONNECT to [10.11.12.13]:25
2020-06-18T09:20:41.644288+02:00 servername postfix/tlsproxy[122987]: warning: malformed certificate in TLS_CERTS
2020-06-18T09:20:41.644445+02:00 servername postfix/tlsproxy[122987]: warning: tlsp_get_request_event: receive client TLS settings: Success
2020-06-18T09:20:41.644531+02:00 servername postfix/tlsproxy[122987]: TLS handshake failed for service=smtp peer=[10.11.12.13]:25
2020-06-18T09:20:41.644614+02:00 servername postfix/tlsproxy[122987]: DISCONNECT [10.11.12.13]:25
2020-06-18T09:20:41.644728+02:00 servername postfix/smtp[122985]: warning: private/tlsproxy service role "client" is not available
2020-06-18T09:20:41.649976+02:00 servername postfix/smtp[122985]: A6554300006A: to=<exam...@somedomain.net>, relay=mail.somedomain.net[10.11.12.13]:25, delay=27, delays=26/0.01/0.25/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)

tls_policy_maps:
somedomain.net secure ciphers=high tafile=path/to/trust_anchor.pem

When adding connection_reuse=no to the policy (with applied patch) the mail is being delivered successfully.

I tried several different setups for the tlsproxy in master.cf