Damian via Postfix-users:
> I am currently doing some tests with Postfix 3.10 and postfix-tlspol 
> (using QUERYwithTLSRPT).
> 
> I see positive feedback for DANE as well as MTA-STS on the tlsrpt 
> socket. However, I was not able to produce negative feedback yet. In 
> case of "non DNSSEC destination", nothing is written to the tlsrpt 
> socket, and if I set smtpd_tls_security_level=no on an MX that handles a 
> DANE-enabled domain, the Postfix 3.10 smtp hangs after establishing the 

smtpd_tls_security_level is a SERVER feature that has zero effect
on outbound SMTP deliveries. When you report a problem you need to
be more accurate in how you describe your Postfix configuration.

https://www.postfix.org/DEBUG_README.html#mail

> TCP connection. The last log line is of the form
> 
> > smtp[1234567]: DNSSEC-signed TLSA record: _25._tcp.example.com: 3 1 1 
> > DEADBEEF...
> A tcpdump between smtp and smtpd shows a TCP handshake but no payload at 
> all.

That looks like the remote SMTP server wants to use TLS wrappermode,
but your Postfix SMTP client wants to use STARTTLS.

        Wietse