To enable SMTP/TLS connection reuse on a running system:

    postconf smtp_tls_connection_reuse=yes
    postfix reload

To disable SMTP/TLS connection reuse on a running system:

    postconf smtp_tls_connection_reuse=no
    postfix reload (this also flushes the connection cache)
    manually kill any looping tlsproxy process

Unfortunately, already running SMTP client processes will keep using
"smtp_tls_connection_reuse=yes" and talk to tlsproxy until they
have exhausted alternate MXes (subject to smtp_mx_address_limit and
smtp_mx_session_limit). But the odds of the problem returning will
be small.
Wietse
20190906
Bugfix: don't whitewash OpenSSL errors after the plaintext
channel is disabled, to avoid looping on "shutdown while
in init" errors. File: tlsproxy/tlsproxy.c.
diff --exclude=man --exclude=html --exclude=README_FILES --exclude=INSTALL
--exclude=.indent.pro --exclude=Makefile.in -r -ur
/var/tmp/postfix-3.5-20190724/src/tlsproxy/tlsproxy.c ./src/tlsproxy/tlsproxy.c
--- /var/tmp/postfix-3.5-20190724/src/tlsproxy/tlsproxy.c 2019-07-23
18:54:20.000000000 -0400
+++ ./src/tlsproxy/tlsproxy.c 2019-09-06 12:12:27.000000000 -0400
@@ -678,7 +678,8 @@
/*
* Allow buffered-up plaintext output to trickle out.
*/
- if (state->plaintext_buf && NBBIO_WRITE_PEND(state->plaintext_buf))
+ if (state->plaintext_buf && NBBIO_ACTIVE_FLAGS(state->plaintext_buf)
+ && NBBIO_WRITE_PEND(state->plaintext_buf))
return (TLSP_STAT_OK);
tlsp_state_free(state);
return (TLSP_STAT_ERR);
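
Review bot: the comment above the changed condition still says only "Allow buffered-up plaintext output to trickle out", which no longer explains the test now that NBBIO_ACTIVE_FLAGS(state->plaintext_buf) is checked before NBBIO_WRITE_PEND(). Going by the changelog entry, the new check is there so that pending plaintext output is waited for only while the plaintext channel is still enabled. Once the channel is disabled, the code falls through to tlsp_state_free() and TLSP_STAT_ERR instead of returning TLSP_STAT_OK and looping on the "shutdown while in init" error. Please say so in the comment, so that a later cleanup does not drop the extra condition as redundant.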