On Thu, Feb 20, 2025, 20:08 Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote:
> On Thu, Feb 20, 2025 at 07:20:13PM -0500, Christophe Kalt via > Postfix-users wrote: > > > On Wed, Feb 19, 2025 at 7:41 PM Viktor Dukhovni via Postfix-users < > > postfix-users@postfix.org> wrote: > > > > > On Wed, Feb 19, 2025 at 06:22:42PM -0500, Christophe Kalt via > > > Postfix-users wrote: > > > > > > > Yes. What's even more puzzling is both builds are fairly recent. I > just > > > > happened to rebuild 3.9.1 a few days ago. > > > > IOW, the build environment should be the same for both builds. I've > also > > > > just rebuilt both versions and am getting the same results. > > > > > > What do you have for "smtp_dns_support_level"? > > > > > > $ postconf smtp_dns_support_level > > > > > > DNSSEC/DANE are working on my system and the messages in question are > > > not logged. The message should not be logged unless you've configured > > > Postfix to request DNSSEC-validated lookups. > > > > # postconf smtp_dns_support_level > > smtp_dns_support_level = > > # postconf -nf | egrep \^smtp > > smtp_destination_concurrency_limit = 1 > > smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt > > smtp_tls_connection_reuse = yes > > smtp_tls_security_level = may > > Thanks, that's helpful. Turns out that the change in the default value > of insecure MX TLS policy had unanticipated implications. To be fixed > in the next set of patch releases. :-( Glad to hear you figured this out. I take it that the warnings are harmless and safe to ignore here?
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
