Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Viktor Dukhovni: > > > > On Jun 19, 2018, at 1:29 PM, Viktor Dukhovni > > wrote: > > > > In that case, perhaps the below will work? > > > > diff --git a/src/smtp/smtp_tls_policy.c b/src/smtp/smtp_tls_policy.c > > index 13735b21..b5f72376 100644 > > --- a/src/smtp/smtp_tls_policy.c > > +++

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Viktor Dukhovni: > On Tue, Jun 19, 2018 at 01:22:53PM -0400, Wietse Venema wrote: > > > Unfortunately, this would be suboptimal when a site has multiple MX hosts > > (It may end up making connections to each of them). > > > > Viktor's suggestion to skip the dane cache makes more sense. > > > >

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Viktor Dukhovni
On Jun 19, 2018, at 2:38 PM, Wietse Venema wrote: > > It would not crash, but I don't think it would help. > > First, the scache is indexed with keys that include the TLS security > level for a connection, so that we will never reuse a low-security > connection to deliver mail for a

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Viktor Dukhovni: > On Jun 19, 2018, at 2:38 PM, Wietse Venema wrote: > > > > It would not crash, but I don't think it would help. > > > > First, the scache is indexed with keys that include the TLS security > > level for a connection, so that we will never reuse a low-security > > connection to

Re: Redirect all email to an external address

2018-06-19 Thread Wietse Venema
Martin LEUSCH: > Hi, > > I'm trying to create postfix master process listening on port 2525 and > redirect all email sent through this port to an external address. > > I create regexp table "/etc/postfix/canonical-redirect-test" to map any > address to the external address I want, test query

Redirect all email to an external address

2018-06-19 Thread Martin LEUSCH
Hi, I'm trying to create postfix master process listening on port 2525 and redirect all email sent through this port to an external address. I create regexp table "/etc/postfix/canonical-redirect-test" to map any address to the external address I want, test query with postmap return the

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Ralf Hildebrandt: > * Ralf Hildebrandt : > > > Error inducing change was introduced between postfix-3.4-20180603 and > > postfix-3.4-20180605-nonprod > > I also tried postfix-3.4-20180603-nonprod which seems to be working > ok! So I guess it must have been between postfix-3.4-20180603-nonprod >

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Ralf Hildebrandt
* Wietse Venema : > Ralf Hildebrandt: > > * Ralf Hildebrandt : > > > > > Error inducing change was introduced between postfix-3.4-20180603 and > > > postfix-3.4-20180605-nonprod > > > > I also tried postfix-3.4-20180603-nonprod which seems to be working > > ok! So I guess it must have been

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Ralf Hildebrandt: > * Wietse Venema : > > Ralf Hildebrandt: > > > * Ralf Hildebrandt : > > > > > > > Error inducing change was introduced between postfix-3.4-20180603 and > > > > postfix-3.4-20180605-nonprod > > > > > > I also tried postfix-3.4-20180603-nonprod which seems to be working > > >

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Viktor Dukhovni: > > > > On Jun 19, 2018, at 11:58 AM, Wietse Venema wrote: > > > > No error (btw, posttls-finger -X will chdir() to the queue directory, > > it just needs root privs). > > > > So what was the domain that was failing with the Postfix SMTP client? > > The crash (from Ralf's

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Viktor Dukhovni
> On Jun 19, 2018, at 12:21 PM, Wietse Venema wrote: > > Argh, the trace ends in the smtp_tls_policy_cache_query which is called from > more than one place. Investigating... DANE context initialization needs to know whether the MX hostname is an alias, and was previously only done per-MX.

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Viktor Dukhovni
> On Jun 19, 2018, at 11:58 AM, Wietse Venema wrote: > > No error (btw, posttls-finger -X will chdir() to the queue directory, > it just needs root privs). > > So what was the domain that was failing with the Postfix SMTP client? The crash (from Ralf's stack trace) was in a code path that

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Wietse Venema: > Viktor Dukhovni: > > > > > > > On Jun 19, 2018, at 11:58 AM, Wietse Venema wrote: > > > > > > No error (btw, posttls-finger -X will chdir() to the queue directory, > > > it just needs root privs). > > > > > > So what was the domain that was failing with the Postfix SMTP

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Viktor Dukhovni
> On Jun 19, 2018, at 1:29 PM, Viktor Dukhovni > wrote: > > In that case, perhaps the below will work? > > diff --git a/src/smtp/smtp_tls_policy.c b/src/smtp/smtp_tls_policy.c > index 13735b21..b5f72376 100644 > --- a/src/smtp/smtp_tls_policy.c > +++ b/src/smtp/smtp_tls_policy.c > @@ -824,6

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Wietse Venema: > Viktor Dukhovni: > > On Jun 19, 2018, at 2:38 PM, Wietse Venema wrote: > > > > > > It would not crash, but I don't think it would help. > > > > > > First, the scache is indexed with keys that include the TLS security > > > level for a connection, so that we will never reuse a

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Ralf, does this help? Wietse *** ./smtp_connect.c- 2018-06-04 19:21:21.0 -0400 --- ./smtp_connect.c2018-06-19 13:11:30.0 -0400 *** *** 671,676 --- 671,677 * matching sessions. Otherwise, request a dummy "TLS disabled" policy *

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Wietse Venema: > Ralf, does this help? Unfortunately, this would be suboptimal when a site has multiple MX hosts (It may end up making connections to each of them). Viktor's suggestion to skip the dane cache makes more sense. Viktor, cache should terminate after "postfix reload". >

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Viktor Dukhovni
> On Jun 19, 2018, at 12:32 PM, Viktor Dukhovni > wrote: > > DANE context initialization needs to know whether the MX hostname > is an alias, and was previously only done per-MX. Now there's > a new call with "iter->rr" still NULL. The code in dane_init() > is not prepared for that.

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Wietse Venema
Viktor Dukhovni: > > > > On Jun 19, 2018, at 3:07 PM, Wietse Venema wrote: > > > > Viktor Dukhovni: > >> On Jun 19, 2018, at 2:38 PM, Wietse Venema wrote: > >>> Or alternatively, > >>> we should save the original "DANE candidate" level for recording > >>> in the session cache for nexthop

postfix-3.4-20180619 updated connection reuse

2018-06-19 Thread Wietse Venema
postfix-3.4-20180619 fixes today's segfault in the connection reuse logic. I have been unable to reproduce the problem on my own systems so I'll depend on other people for confirmation. Wietse

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > Error inducing change was introduced between postfix-3.4-20180603 and > postfix-3.4-20180605-nonprod I also tried postfix-3.4-20180603-nonprod which seems to be working ok! So I guess it must have been between postfix-3.4-20180603-nonprod and postfix-3.4-20180605-nonprod

RE: Feedback on Tutorial

2018-06-19 Thread Fazzina, Angelo
Hi, I took a quick look, I did not see which version of Postfix this was based on, you may want to mention it as some settings require a minimum Postfix version to be running. As well as some command examples you gave have minimum versions needed to work. I am no expert but I get lots of legit

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Ralf Hildebrandt
> Also released as postfix-3.4-20180618. postfix-3.4-20180618. Is crashing for me: Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: private/smtp socket: malformed response Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > > Also released as postfix-3.4-20180618. > > postfix-3.4-20180618. Is crashing for me: > > Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: private/smtp socket: > malformed response > Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: transport smtp failure -- > see a

Re: PATCH: multiple deliveries per TLS-encrypted connection

2018-06-19 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > > Also released as postfix-3.4-20180618. > > postfix-3.4-20180618. Is crashing for me: > > Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: private/smtp socket: > malformed response > Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: transport smtp failure -- > see a