Hi Dulux-Oz, On 4 Dec 2023, at 9:20, duluxoz via Postfix-users wrote:
> Hi All, > > This issue is definitely SELinux related, because it only crops up when > SELinux is enabled. > > I'm getting a `TLS handshake failed for service=smtp > peer=[104.199.96.85]:587` error when attempting to rely via mailjet (that's > who's IP that is) and also brevo/sendinblue. > > Any one have any ideas (apart from disabling SELinux - that is *NOT* an > option) :-) > disabling SElinux is never a good option :) On which Linux-Distro is this issue happening? Can you send the SELinux messages from the Linux Audit Subsystem (where SELinux send information about policy violations) from around the time the issue is reported in the mail log? This would be the command: ausearch -m avc -i --start <start-time> --end <end-time> (see "man ausearch" for the syntax of the start- and end-times -- there might be a large number of log entries -- try to limit the time to a few minutes before/after the error occurred) I suspect some files have the wrong SElinux security context label, but which files that are will be told by the audit log messages. Greetings Carsten _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
