Thanks Victor - so more t-shooting on our end, then - cool
On 24/11/2023 04:16, Viktor Dukhovni via Postfix-users wrote:
On Thu, Nov 23, 2023 at 07:48:33PM +1100, duluxoz via Postfix-users wrote:
Hi All,
This may be a stupid Q, but we're getting a `postfix/tlsproxy[89206]: TLS
handshake failed for service=smtp peer=[104.199.96.85]:25` error in our logs
when trying to relay via an SMTP Relay Service (both Mailjet and
Brevo/SendInBlue). Could our issue be related to this LE issue?
No, failure to complete the TLS handshake is not related to any issues
with the certificates. That said, the handshake works for me:
posttls-finger: Untrusted TLS connection established to
104.199.96.85[104.199.96.85]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519
server-signature RSA-PSS (2048 bits) server-digest SHA256
posttls-finger: > EHLO straasha.imrryr.org
posttls-finger: < 250-smtpin.mailjet.com
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 15728640
posttls-finger: < 250-VRFY
posttls-finger: < 250-ETRN
posttls-finger: < 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
posttls-finger: < 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-SMTPUTF8
posttls-finger: < 250 CHUNKING
posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 Bye
Unclear why your tlsproxy is having issues. Perhaps the same problem as
Patrick was having with SELinux? Don't configure any client
certificates on your end, or don't enable SELinux?
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
