A. Schulze:
> Hello,
>
> I updated to postfix 3.4.0-RC2 and enabled "smtp_tls_connection_reuse".
> Now I notice delivery problems to "gervers.com". DANE setup looks OK.
> https://dane.sys4.de/smtp/gervers.com
>
> "posttls-finger gervers.com" also shows
> posttls-finger: Verified TLS connection established to
> sys1.mmini.de[2a01:4f8:162:32ac::2]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> But a message to the domain is not delivered. Instead I found this logged by
> tlsproxy:
>
> Feb 17 14:18:28 mail postfix/tlsproxy[14593]: sys1.mmini.de[5.9.100.168]:25:
> re-using session with untrusted certificate, look for details earlier in the
> log
> Feb 17 14:18:28 mail postfix/tlsproxy[14593]: Untrusted TLS connection
> established to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> But I did not find anything special "earlier in the log" ...

Surely the SMTP client logged SOMETHING? Surely the tlsproxy daemon
logged SOMETHING when it created the TLS connection?

> Message was delivered immediately as I disabled smtp_tls_connection_reuse:
> Feb 17 14:37:45 mail postfix/smtp[15157]: Verified TLS connection established
> to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> I could provide further information off-list.
>
> Andreas
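
A log-triage sketch for the symptom discussed in this thread, added here as an example and not part of either message or of Postfix: it finds peers that appear at more than one TLS trust level and lists the tlsproxy pid and peer behind each "re-using session" line, which are the keys to search for earlier in the log. The sample input is the thread's own three log lines with the e-mail wrapping undone; the function names are assumptions.

```python
import re
from collections import defaultdict

# Log lines quoted in the thread above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Feb 17 14:18:28 mail postfix/tlsproxy[14593]: sys1.mmini.de[5.9.100.168]:25: re-using session with untrusted certificate, look for details earlier in the log
Feb 17 14:18:28 mail postfix/tlsproxy[14593]: Untrusted TLS connection established to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 17 14:37:45 mail postfix/smtp[15157]: Verified TLS connection established to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
"""

# syslog prefix: timestamp, host, postfix/<daemon>[pid]: message
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER = r"(?P<peer>\S+\[[^\]]+\]:\d+)"  # host[addr]:port, IPv4 or IPv6
ESTABLISHED = re.compile(r"^(?P<level>\w+) TLS connection established to " + PEER + ":")
REUSED = re.compile("^" + PEER + ": re-using session with untrusted certificate")


def events(log_text):
    """Yield (daemon, pid, peer, kind); kind is a trust level or 'reused'."""
    for line in log_text.splitlines():
        head = PREFIX.match(line)
        if not head:
            continue
        est = ESTABLISHED.match(head["msg"])
        reuse = REUSED.match(head["msg"])
        if est:
            yield head["daemon"], head["pid"], est["peer"], est["level"]
        elif reuse:
            yield head["daemon"], head["pid"], reuse["peer"], "reused"


def mismatched_peers(log_text):
    """Return {peer: {daemon: {levels}}} for peers seen at more than one trust level."""
    seen = defaultdict(lambda: defaultdict(set))
    for daemon, _pid, peer, kind in events(log_text):
        if kind != "reused":
            seen[peer][daemon].add(kind)
    return {peer: {d: set(levels) for d, levels in daemons.items()}
            for peer, daemons in seen.items()
            if len(set().union(*daemons.values())) > 1}


def reused_untrusted(log_text):
    """Return (pid, peer) pairs for sessions reused with an untrusted certificate."""
    return [(pid, peer) for _d, pid, peer, kind in events(log_text) if kind == "reused"]


if __name__ == "__main__":
    print(mismatched_peers(SAMPLE_LOG))
    print(reused_untrusted(SAMPLE_LOG))
```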