On 19.02.19 at 14:28, A. Schulze wrote:
>
> A. Schulze:
>
>> Viktor Dukhovni:
>>
>>> diff --git a/src/tls/tls_misc.c b/src/tls/tls_misc.c
>>> diff --git a/src/tlsproxy/tlsproxy.c b/src/tlsproxy/tlsproxy.c
>
> there is another side effect:
>
> I configured
> smtpd_tls_cert_file = /etc/ssl/${myhostname}/cert+intermediate.pem
> smtpd_tls_key_file = /etc/ssl/${myhostname}/key.pem
> smtp_tls_cert_file = /etc/ssl/${myhostname}/cert+intermediate.pem
> smtp_tls_key_file = /etc/ssl/${myhostname}/key.pem
>
> now, on my lab machine, a little bit complicated via
> sender_dependent_relayhost_maps
> @example.org [mail.example.org]:465
>
> and to enforce the (locally required) smtp_wrapper_mode
> sender_dependent_default_transport_maps
> @example.org submissions:
>
> "submissions" is defined in master.cf:
> submissions unix - - y - - smtp
>   -o smtp_tls_security_level=encrypt
>   -o smtp_tls_wrappermode=yes
>   -o syslog_name=postfix/${service_name}
>
> now, "sendmail -f sen...@example.org -bc recipi...@example.org" throws this
> error:
>
> Feb 19 14:24:09 spider postfix/pickup[3865]: 443hK512TRzMvsx7: uid=1000
> from=<sen...@example.org>
> Feb 19 14:24:09 spider postfix/cleanup[3869]: 443hK512TRzMvsx7:
> message-id=<443hK512TRzMvsx7@$myhostname>
> Feb 19 14:24:09 spider postfix/qmgr[3866]: 443hK512TRzMvsx7:
> from=<sender@example>, size=302, nrcpt=1 (queue active)
> Feb 19 14:24:09 spider postfix/tlsproxy[3873]: CONNECT to [192.0.2.25]:465
> Feb 19 14:24:09 spider postfix/submissions/smtp[3895]: panic:
> VSTREAM_CTL_SWAP_FD can't swap descriptors between single-buffered and
> double-buffered streams
> Feb 19 14:24:09 spider postfix/tlsproxy[3873]: Trusted TLS connection
> established to mail.example.org[192.0.2.25]:465: TLSv1.3 with cipher
> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384)
> server-signature RSA-PSS (4096 bits) server-digest SHA256
> Feb 19 14:24:10 spider postfix/qmgr[3866]: warning: private/submissions
> socket: malformed response
> Feb 19 14:24:10 spider postfix/qmgr[3866]: warning: transport submissions
> failure -- see a previous warning/fatal/panic logfile record for the problem
> description
> Feb 19 14:24:10 spider postfix/master[2282]: warning: process
> /usr/lib/postfix/smtp pid 3895 killed by signal 6
> Feb 19 14:24:10 spider postfix/master[2282]: warning: /usr/lib/postfix/smtp:
> bad command startup -- throttling
> Feb 19 14:24:10 spider postfix/tlsproxy[3873]: DISCONNECT [192.0.2.25]:465
> Feb 19 14:24:10 spider postfix/error[3875]: 443hK512TRzMvsx7:
> to=<recipi...@example.org>, relay=none, delay=1, delays=0.02/1/0/0.01,
> dsn=4.3.0, status=undeliverable (unknown mail transport error)
> ( last line isn't the surprise ... )
>
> I guess it's related to my previous posting.
>
> Andreas
>
But this error stays even with Viktor's patch applied.
smtpd_tls_cert_file + smtpd_tls_key_file need to be set,
smtp_tls_cert_file + smtp_tls_key_file don't matter.
Andreas