Am 18.02.19 um 12:04 schrieb Viktor Dukhovni:
> diff --git a/src/tls/tls_misc.c b/src/tls/tls_misc.c
> diff --git a/src/tlsproxy/tlsproxy.c b/src/tlsproxy/tlsproxy.c
Hello Viktor,
I confirm these modifications fix the delivery failure.
... $ sendmail -f sen...@example.org -bv recipi...@gervers.com
Feb 18 19:09:26 mail postfix/tlsproxy[10971]: CONNECT to [5.9.100.168]:25
Feb 18 19:09:26 mail postfix/tlsproxy[10971]: Verified TLS connection
established to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 18 19:09:26 mail postfix/smtp[10969]: Verified TLS connection established
to sys1.mmini.de[5.9.100.168]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 18 19:09:26 mail postfix/tlsproxy[10971]: DISCONNECT [5.9.100.168]:25
Feb 18 19:09:29 mail postfix/smtp[10969]: 443Bhj6rYCzyC:
to=<recipi...@gervers.com>, relay=sys1.mmini.de[5.9.100.168]:25, delay=4,
delays=0.1/0.04/0.47/3.4, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
Feb 18 19:09:29 mail postfix/cleanup[10975]: 443Bhn6tnBzyS:
message-id=<443bhn6tnb...@mail.example.org>
Feb 18 19:09:30 mail postfix/bounce[10972]: 443Bhj6rYCzyC: sender delivery
status notification: 443Bhn6tnBzyS
...
> These address missing DANE and TLS library initialization in the
> TLS proxy. Another issue remains, in that tlsproxy(8) wants
> unconditional server-side support before it is willing to be a
> client proxy, and therefore also wants server certificates.
that's limitation I currently could tolerate :-)
Thanks!
Andreas
