Following a Debian Bookworm update I am now seeing connectivity issues that
were not present before (everything was working perfectly before)
Postfix on the instance starts up fine, i.e. indicating no configuration errors.
The error is:
$ openssl s_client -connect [IPV6_ADDRESS_REDACTED]:25 -starttls smtp
80BB62673F7F0000:error:8000006F:system library:BIO_connect:Connection
refused:../crypto/bio/bio_sock2.c:114:calling connect()
80BB62673F7F0000:error:10000067:BIO routines:BIO_connect:connect
error:../crypto/bio/bio_sock2.c:116:
connect:errno=111
The same error occurs if I use the DNS name in place of the IPv6 address.
postconf -n :
alias_database =
alias_maps =
authorized_submit_users =
compatibility_level = 3.7
config_directory = /etc/postfix-inetgen
data_directory = /var/lib/postfix-inetgen
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
default_database_type = cdb
disable_vrfy_command = yes
enable_long_queue_ids = yes
indexed = ${default_database_type}:${config_directory}/
inet_interfaces = REDACTED,[REDACTED]
inet_protocols = all
lmtp_bind_address = REDACTED
lmtp_bind_address6 = REDACTED
local_recipient_maps =
local_transport = error:5.1.1 Mailbox unavailable
message_size_limit = 20480000
milter_default_action = accept
milter_protocol = 6
multi_instance_enable = yes
multi_instance_group = mta
multi_instance_name = postfix-inetgen
mydestination =
mydomain = example.com
myhostname = rx-0.loc.example.com
mynetworks = 127.0.0.0/8, [::1]/128, REDACTED/32, [REDACTED]/128, REDACTED/32,
[REDACTED]/128
myorigin = $mydomain
parent_domain_matches_subdomains =
postscreen_dnsbl_reply_map = ${indexed}myco_postscreen_reply_map
postscreen_dnsbl_sites = REDACTED.zen.dq.spamhaus.net=127.0.0.[2..255]
queue_directory = /var/spool/postfix-inetgen
rbl_reply_maps = ${indexed}myco_dnsbl_rpl_map
recipient_delimiter = +
relay_domains = ${indexed}myco_relay_domains
relay_recipient_maps = pgsql:${config_directory}/pgsql_relay_recipient_maps.conf
smtp_bind_address = REDACTED
smtp_bind_address6 = REDACTED
smtp_dns_support_level = dnssec
smtp_sasl_auth_enable = no
smtp_tls_security_level = dane
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = permit_mynetworks, reject_unauth_pipelining
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unauth_pipelining,
${indexed}myco_old_reject, reject_unauth_destination, reject_rhsbl_sender
REDACTED.dbl.dq.spamhaus.net=127.0.1.[2..99], reject_rhsbl_helo
REDACTED.dbl.dq.spamhaus.net=127.0.1.[2..99], reject_rhsbl_reverse_client
REDACTED.dbl.dq.spamhaus.net=127.0.1.[2..99], reject_rhsbl_sender
REDACTED.zrd.dq.spamhaus.net=127.0.2.[2..24], reject_rhsbl_helo
REDACTED.zrd.dq.spamhaus.net=127.0.2.[2..24], reject_rhsbl_reverse_client
REDACTED.zrd.dq.spamhaus.net=127.0.2.[2..24], reject_rbl_client
REDACTED.zen.dq.spamhaus.net=127.0.0.[2..255]
smtpd_relay_restrictions = permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, reject_unauth_destination,
reject_non_fqdn_recipient, reject_unknown_reverse_client_hostname,
reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_sender
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/its_ssl/rx-0.loc.example.com.chain.pem
smtpd_tls_dh1024_param_file = /etc/ssl/its_ssl/mx_dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_key_file = /etc/ssl/its_ssl/rx-0.loc.example.com.priv
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
tls_eecdh_strong_curve = prime256v1
tls_preempt_cipherlist = yes
transport_maps = ${indexed}myco_transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ${indexed}myco_virtual
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
