Hello, I updated to postfix 3.4.0-RC2 and enabled "smtp_tls_connection_reuse" Now I notice delivery problems to "gervers.com". DANE setup looks OK. https://dane.sys4.de/smtp/gervers.com
"posttls-finger gervers.com" also show posttls-finger: Verified TLS connection established to sys1.mmini.de[2a01:4f8:162:32ac::2]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) But a message to the domain is not delivered. Instead I found this logged by tlsproxy: Feb 17 14:18:28 mail postfix/tlsproxy[14593]: sys1.mmini.de[5.9.100.168]:25: re-using session with untrusted certificate, look for details earlier in the log Feb 17 14:18:28 mail postfix/tlsproxy[14593]: Untrusted TLS connection established to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) But I did not found anything special "earlier in the log" ... Message was delivered immediately as I disabled smtp_tls_connection_reuse: Feb 17 14:37:45 mail postfix/smtp[15157]: Verified TLS connection established to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) I could provide further information off-list. Andreas
