Wietse Venema:
> Postfix snapshot 20180617, released a few minutes ago, introduces
> Postfix SMTP client support for multiple deliveries per TLS-encrypted
> connection. This is not to be confused with closing a connection
> and reusing some TLS state in a new connection.

Below is a tiny patch for tlsproxy. After the remote TLS peer shuts down TLS, the patch allows unsent inbound plaintext to trickle out before tlsproxy tears down the proxied connection.

This addresses a sporadic "lost connection after end-of-data" error in the Postfix SMTP client, and addresses a sporadic "lost connection after sending QUIT" error with "posttls-finger -X".

Also released as postfix-3.4-20180618.

Wietse

diff -cr /var/tmp/postfix-3.4-20180617/src/tlsproxy/tlsproxy.c ./src/tlsproxy/tlsproxy.c *** /var/tmp/postfix-3.4-20180617/src/tlsproxy/tlsproxy.c 2018-06-17 12:35:21.000000000 -0400 --- ./src/tlsproxy/tlsproxy.c 2018-06-18 19:36:32.000000000 -0400 *************** *** 474,479 **** --- 474,485 ---- tls_print_errors(); /* FALLTHROUGH */ default: + + /* + * Allow buffered-up plaintext output to trickle out. + */ + if (state->plaintext_buf && NBBIO_WRITE_PEND(state->plaintext_buf)) + return (TLSP_STAT_OK); tlsp_state_free(state); return (TLSP_STAT_ERR); }
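
Review bot: The new early return in the default: branch is also reached by the case above it that calls tls_print_errors() and falls through, so a genuine TLS error now yields TLSP_STAT_OK whenever NBBIO_WRITE_PEND(state->plaintext_buf) is true, and tlsp_state_free(state) is skipped on that path. Consider restricting the drain to the clean-shutdown case, and extend the comment to say which later event frees the state once the pending plaintext has been written and what bounds the wait if the plaintext peer stops reading; neither is visible in this hunk.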