Hello,

I updated to postfix 3.4.0-RC2 and enabled "smtp_tls_connection_reuse"
Now I notice delivery problems to "gervers.com". DANE setup looks OK. 
https://dane.sys4.de/smtp/gervers.com

"posttls-finger gervers.com" also show
posttls-finger: Verified TLS connection established to 
sys1.mmini.de[2a01:4f8:162:32ac::2]:25: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

But a message to the domain is not delivered. Instead I found this logged by 
tlsproxy:

Feb 17 14:18:28 mail postfix/tlsproxy[14593]: sys1.mmini.de[5.9.100.168]:25: 
re-using session with untrusted certificate, look for details earlier in the log
Feb 17 14:18:28 mail postfix/tlsproxy[14593]: Untrusted TLS connection 
established to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

But I did not found anything special "earlier in the log" ...

Message was delivered immediately as I disabled smtp_tls_connection_reuse:
Feb 17 14:37:45 mail postfix/smtp[15157]: Verified TLS connection established 
to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

I could provide further information off-list.

Andreas

Reply via email to