Damian via Postfix-users: > I am currently doing some tests with Postfix 3.10 and postfix-tlspol > (using QUERYwithTLSRPT). > > I see positive feedback for DANE as well as MTA-STS on the tlsrpt > socket. However, I was not able to produce negative feedback yet. In > case of "non DNSSEC destination", nothing is written to the tlsrpt > socket, and if I set smtpd_tls_security_level=no on an MX that handles a > DANE-enabled domain, the Postfix 3.10 smtp hangs after establishing the
smtpd_tls_security_level is a SERVER feature that has zero effect on outbound SMTP deliveries. When you report a problem you need to be more accurate in how you describe your Postfix configuration. https://www.postfix.org/DEBUG_README.html#mail > TCP connection. The last log line is of the form > > > smtp[1234567]: DNSSEC-signed TLSA record: _25._tcp.example.com: 3 1 1 > > DEADBEEF... > A tcpdump between smtp and smtpd shows a TCP handshake but no payload at > all. That looks like the remote SMTP server wants to use TLS wrappermode, but your Postfix SMTP client wants to use STARTTLS. Wietse _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org