Viktor Dukhovni via Postfix-users:
> > > The best solution is [to] configure client certs *sparingly*, only
> > > for transports dedicated to destinations that definitely need the
> > > client certs, and not otherwise.
> >
> > Why? I feel a little like I was feeling in the early 2000s when we had
On Mon, Sep 25, 2023 at 04:24:55PM +0200, Patrick Ben Koetter via Postfix-users
wrote:
> > Do you have SMTP client TLS connection reuse enabled? If so, TLS
> > connections are made via tlsproxy(8), with the smtp(8) client
> > unaware of any initialisation issues until STARTTLS.
>
> Well
* Viktor Dukhovni via Postfix-users:
> On Sun, Sep 17, 2023 at 06:20:53PM +0200, Patrick Ben Koetter via
> Postfix-users wrote:
>
> > Yesterday we upgraded LE certs and it seems – we haven't had time to
> > investigate in that yet – SELinux bite Postfix where it shouldn't.
> > Astonishingly
On Sun, Sep 17, 2023 at 06:20:53PM +0200, Patrick Ben Koetter via Postfix-users
wrote:
> Yesterday we upgraded LE certs and it seems – we haven't had time to
> investigate in that yet – SELinux bite Postfix where it shouldn't.
> Astonishingly SELinux has been running like that for 193 days and
STARTTLS should be back to normal again. My tests succeeded and I'll give it
another shot when I'm home. At the moment I'm on a rather longish train ride
and internet is shaky - at best.
Yesterday we upgraded LE certs and it seems – we haven't had time to
investigate in that yet – SELinux bite
In my case, all STARTTLS commands fail. Delivery succeeds after re-connecting
with plaintext.
Apparently, not all connections are retried in plaintext.
To work around one could say:
smtpd_discard_ehlo_keyword_address_maps = cidr:{
{188.68.34.52 starttls}
On Sun, 2023-09-17 at 15:24 +0200, Herbert J. Skuhra via Postfix-users
wrote:
> On Fri, 17 Mar 2023 14:32:06 +0100, Ralf Hildebrandt via Postfix-users
> wrote:
> >
> > * Benny Pedersen via Postfix-users:
> > > Mar 17 11:38:31 localhost
On Fri, 17 Mar 2023 14:32:06 +0100, Ralf Hildebrandt via Postfix-users wrote:
>
> * Benny Pedersen via Postfix-users:
> > Mar 17 11:38:31 localhost postfix/smtpd[22150]: lost connection after
> > STARTTLS from list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0]
> > Mar 17 12:09:10 localhost
* Benny Pedersen via Postfix-users:
> Mar 17 11:38:31 localhost postfix/smtpd[22150]: lost connection after
> STARTTLS from list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0]
> Mar 17 12:09:10 localhost postfix/smtpd[23415]: lost connection after
> STARTTLS from