Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

Wed, 15 Oct 2014 10:51:11 -0700 

On Wed, Oct 15, 2014 at 11:08:19AM +0200, Ralf Hildebrandt wrote:

> * Ralf Hildebrandt <r...@sys4.de>:
> > Since my upgrade to 2.12-20141013, I'm getting an unusual amount of those 
> > in my mailq output:
> 
> With 2.12-20141001 (same config!)
> 
> Oct 15 11:05:34 mail2 postfix/smtp[5903]: Host offered STARTTLS: 
> [smtp.entelnet.bo]

This is only logged when TLS is disabled for the destination or
TLS is disabled due to a configuration problem or lookup error.

    if ((session->features & SMTP_FEATURE_STARTTLS) &&
        var_smtp_tls_note_starttls_offer &&
        session->tls_level <= TLS_LEV_NONE)
        msg_info("Host offered STARTTLS: [%s]", session->host);

What earlier warnings do you have for "smtp[5903]" that are not
part of some other delivery?

> Oct 15 11:05:35 mail2 postfix/smtp[5903]: 3jHGY70x2gzBs34: 
> to=<cbsx...@entelnet.bo>, relay=smtp.entelnet.bo[200.87.100.30]:25,
> delay=73556, delays=73555/0.03/0.68/0.72, dsn=2.0.0, status=sent (250 
> 22006251 message accepted for delivery)
> 
> > 3jHGY70x2gzBs34       3230 Tue Oct 14 14:39:39 sen...@charite.de
> >                                             (TLS is required, but 
> > unavailable)
> >                                                cbsx...@entelnet.bo
> 
> So what changed between 2.12-20141001 and 2.12-20141013?
> When I have more time I can test other versions in between.

The code path for detecting/reporting TLS session errors.

I don't get "TLS is required, but unavailable":

Oct 15 13:48:49 central-dogma.lan postfix-devel/pickup[64424]: 018F01F97148: 
uid=0 from=<>
Oct 15 13:48:49 central-dogma.lan postfix-devel/cleanup[64428]: 018F01F97148: 
message-id=<20141015174849.018f01f97...@central-dogma.lan>
Oct 15 13:48:49 central-dogma.lan postfix-devel/qmgr[64425]: 018F01F97148: 
from=<>, size=285, nrcpt=1 (queue active)
Oct 15 13:48:50 central-dogma.lan postfix-devel/smtp[64430]: Untrusted TLS 
connection established to smtp.entelnet.bo[200.87.100.30]:25: TLSv1.1 with 
cipher AES256-SHA (256/256 bits)
Oct 15 13:48:50 central-dogma.lan postfix-devel/smtp[64430]: 018F01F97148: 
to=<postmas...@entelnet.bo>, relay=smtp.entelnet.bo[200.87.100.30]:25, 
delay=1.5, delays=0.02/0.02/1.3/0.15, dsn=2.0.0, status=deliverable (250 
postmas...@entelnet.bo will leave the Internet)
Oct 15 13:48:50 central-dogma.lan postfix-devel/bounce[64433]: 018F01F97148: 
not sending trace/success notification for single-bounce message

What's different about the hosts for which this is happening?

-- 
        Viktor.

Reply via email to