Christophe Kalt via Postfix-users:
> Hi,
>
> 3.10.0 is giving me new warnings:
>
> 2025-02-19T02:36:25.415861 warning postfix/smtp warning: DNSSEC validation
> may be unavailable
> 2025-02-19T02:36:25.415870 warning postfix/smtp warning: reason:
> dnssec_probe 'ns:.' received a response that is not DNSSEC validated
> 2025-02-19T02:36:25.527964 info postfix/tlsproxy CONNECT to
> [64.233.167.26]:25
> 2025-02-19T02:36:25.546290 info postfix/smtp Trusted TLS connection
> established to gmail-smtp-in.l.google.com[64.233.167.26]:25: TLSv1.3 with
> cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519
> server-signature ECDSA (prime256v1) server-digest SHA256
>
>
> These are new since upgrading from 3.9.1, which should be the only change
> to my setup.
>
> Curious as to why these are now showing, and whether they are indicating a
> real issue on my side?
That part of POSTFIX has NOT changed.
Does the problem go away if you add "options trust-ad" to
/etc/resolv.conf?
Does the problem go away if your disable Postfix's chroot for the
Postfix SMTP client?
# postconf -F smtp/unix/chroot=n
# postfix reload
Does the problem go away if you rollback to Postfix 3.9.1?
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
