Wietse Venema:
> A. Schulze:
> > 
> > 
> > On 06.09.19 at 14:24, Wietse Venema wrote:
> > 
> > Hello Wietse!
> > 
> > > Any particular Postfix and OpenSSL version?
> > postfix-3.4.6
> > openssl-1.1.1c
> > 
> > > Does setting tls_fast_shutdown_enable (or tls_fast_shutdown)
> > > make a difference?
> > I could set tls_fast_shutdown = no and try again.
> > Unfortunately that means I risk an outage on a production system.
> 
> To avoid disruption:
> 
> postconf smtp_tls_connection_reuse=no
> postfix reload
> then kill the errant postscreen process by hand.
> 
> The SMTP clients should automatically reconnect to an alternate MX.

Forget that. The tlsproxy daemon does not use the code that
implements tls_fast_shutdown_enable/tls_fast_shutdown.

In fact the tlsproxy daemon never invokes SSL_shutdown(), except
when there is an I/O error on the plaintext connection between
Postfix SMTP client and tlsproxy process, AFTER the TLS handshake
has completed.

        Wietse
