Using Postfix 3.4-20180605-nonprod as a gateway to an internal
server, with a TLS policy of "secure".

3.4-20180605-nonprod has been running *without* connection reuse for
a couple days error-free.

When I set smtp_tls_connection_reuse=yes, I get:

Jun 13 10:53:29 mgate3 postfix/tlsproxy[93495]: warning: cannot get RSA certificate from file "/var/certs/cert-20180314.pem": disabling TLS support
Jun 13 10:53:29 mgate3 postfix/tlsproxy[93495]: warning: TLS library problem: error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('/var/certs/cert-20180314.pem','r'):
Jun 13 10:53:29 mgate3 postfix/tlsproxy[93495]: warning: TLS library problem: error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
Jun 13 10:53:29 mgate3 postfix/tlsproxy[93495]: warning: TLS library problem: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722:
Jun 13 10:53:29 mgate3 postfix/smtp[93494]: warning: private/tlsproxy service role "client" is not available


Temporarily making the cert world-readable clears the error and
allows connection reuse.

Maybe tlsproxy is dropping permissions too soon?




  -- Noel Jones
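
An added example, not part of the original post and not Postfix code: it pulls the denied file path out of log lines like those above and reports whether that PEM file is world-readable while also holding a private key, which is what the temporary workaround would expose. The function names are hypothetical, the sample log is the post's lines rejoined, and a combined certificate-and-key file is an assumption.

```python
import os
import re
import stat

# Constructed sample: the post's log lines, rejoined to one entry per line.
SAMPLE_LOG = [
    'Jun 13 10:53:29 mgate3 postfix/tlsproxy[93495]: warning: cannot get RSA '
    'certificate from file "/var/certs/cert-20180314.pem": disabling TLS support',
    "Jun 13 10:53:29 mgate3 postfix/tlsproxy[93495]: warning: TLS library problem: "
    "error:0200100D:system library:fopen:Permission denied:bss_file.c:398:"
    "fopen('/var/certs/cert-20180314.pem','r'):",
    'Jun 13 10:53:29 mgate3 postfix/smtp[93494]: warning: private/tlsproxy '
    'service role "client" is not available',
]

# OpenSSL error-queue entry for a denied fopen(), as it appears in the Postfix log.
FOPEN_DENIED = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: warning: TLS library problem: "
    r".*?:fopen:Permission denied:.*?fopen\('(?P<path>[^']+)','r'\)")

def denied_files(log_lines):
    """Return sorted unique (daemon, path) pairs for which fopen() was denied."""
    hits = {(m["daemon"], m["path"])
            for m in map(FOPEN_DENIED.search, log_lines) if m}
    return sorted(hits)

def audit_pem(path):
    """Report mode bits and whether a world-readable file contains a private key."""
    st = os.stat(path)
    try:
        with open(path, "r", errors="replace") as fh:
            has_key = "PRIVATE KEY-----" in fh.read()  # PEM key block marker
    except PermissionError:
        has_key = None  # the auditing user cannot read the file either
    world = bool(st.st_mode & stat.S_IROTH)
    return {"path": path, "mode": oct(stat.S_IMODE(st.st_mode)),
            "uid": st.st_uid, "gid": st.st_gid, "world_readable": world,
            "has_private_key": has_key, "key_exposed": world and bool(has_key)}

if __name__ == "__main__":
    for daemon, path in denied_files(SAMPLE_LOG):
        print(f"{daemon}: fopen denied on {path}")
        if os.path.exists(path):
            print(audit_pem(path))
```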
