Am 06.09.19 um 18:30 schrieb Wietse Venema: > To enable SMTP/TLS connection reuse on a running system: > > postconf smtp_tls_connection_reuse=yes > postfix reload > > To disable SMTP/TLS connection reuse on a running system: > > postconf smtp_tls_connection_reuse=no > postfix reload (this also flushes the connection cache) > manually kill any looping tlsproxy process > > Unfortunately, already running SMTP client processes will keep using > "smtp_tls_connection_reuse=yes" and talk to tlsproxy until they > have exhausted alternate MXes (subject to smtp_mx_address_limit and > smtp_mx_session_limit). But the odds of the problem returning will > be small. > > Wietse > > 20190906 > > Bugfix: don't whitewash OpenSSL errors after the plaintext > channel is disabled, to avoid looping on "shutdown while > in init" errors. File: tlsproxy/tlsproxy.c. > > diff --exclude=man --exclude=html --exclude=README_FILES --exclude=INSTALL > --exclude=.indent.pro --exclude=Makefile.in -r -ur > /var/tmp/postfix-3.5-20190724/src/tlsproxy/tlsproxy.c > ./src/tlsproxy/tlsproxy.c > --- /var/tmp/postfix-3.5-20190724/src/tlsproxy/tlsproxy.c 2019-07-23 > 18:54:20.000000000 -0400 > +++ ./src/tlsproxy/tlsproxy.c 2019-09-06 12:12:27.000000000 -0400 > @@ -678,7 +678,8 @@ > /* > * Allow buffered-up plaintext output to trickle out. > */ > - if (state->plaintext_buf && NBBIO_WRITE_PEND(state->plaintext_buf)) > + if (state->plaintext_buf && NBBIO_ACTIVE_FLAGS(state->plaintext_buf) > + && NBBIO_WRITE_PEND(state->plaintext_buf)) > return (TLSP_STAT_OK); > tlsp_state_free(state); > return (TLSP_STAT_ERR); >
Hello Wietse, thanks for you effort. I'll deploy a patched version in my lab environment and update the production systems next week. Hopefully I could report "works well" some days later. nice weekend! Andreas
