On Tue, 2014-05-06 at 23:57:41 -0400, Sahil Tandon wrote: > On Wed, 2014-05-07 at 03:31:13 +0000, Viktor Dukhovni wrote: > > > On Tue, May 06, 2014 at 10:49:20PM -0400, Sahil Tandon wrote: > > > > > We are experiencing a problem that seems to manifest *only* when > > > delivering to MXs that exhibit the SSL problem described by Viktor[1] > > > AND connection caching is enabled on demand. > > > > That is when TLS handshakes fail and cleartext connections are made > > to deliver the mail. Such connections may be cached. > > Right. > > > Have you tried disabling TLS, but not the demand caching? > > Not yet, but that is being discussed with the other postmasters; will > probably give it a shot in a few hours. > > > Does the problem *only* lead to erroneous connection re-use via relays > > that are the result of a cleartext fallback? > > I cannot say definitively without more complete log analysis, but that > is my hunch. And, the issue does not seem to occur as a result of the > initial cleartext fallback, but later ... once on-demand caching has > kicked in.
I will parse the last few days worth of logs to verify this, and then follow-up. No need to waste any more time than you already have on this "hunch". -- Sahil Tandon
