Hello,

I have recently updated postfix on Arch to 3.4.0 and had an interesting
hard-to-debug (with my limited knowledge) problem where it fails to
deliver all mail to relayhost via TLS.

main.cf configuration file for that host looks like this:
  https://gist.github.com/mk-fg/f9ac42ff34a5694ce24cd9a925b32721#file-main-cf

master.cf is the default one (available on the same gist as main.cf
above), with tlsproxy commented-out.

And logs only show two kinds of messages on delivery:

  postfix/smtp[16394]: initializing the client-side TLS engine
  postfix/smtp[16393]: 869C7A23AD: TLS is required, but our TLS engine is unavailable

Neither of these tells me what the problem with TLS engine was, and why
it stopped working in 3.4.0, which I think is the main problem here.

I've tried using smtp_tls_loglevel=2 and the usual debug_peer_list=...
to get more information on what exactly is failing, but neither of them
provides anything else about the problem.

What is the expected way for a postfix user to get an understanding of why
postfix starts failing here after an upgrade?
I.e. which option it rejects or lacks, for what reason, etc.
(while working perfectly and without any warnings in 3.3.2)


On IRC it's been pointed out to me that there are multiple TLS-related
changes in 3.4.0, and I have yet to look into these, but the complete lack
of information here looks like a bug in itself.

Expected logging would be something like:

  postfix/smtp: ERROR: smtp_tls_X requires tlsproxy enabled in master.cf
or
  postfix/smtp: ERROR: failed to use certificate ... - openssl error: ...
or
  postfix/smtp: WARNING: smtp_tls_eccert_file is deprecated and will be removed in 3.4.0

But as mentioned, there don't seem to be any such hints.

Would also appreciate advice on how to fix the current configuration.

Suspect that I might be able to figure it out after looking through
3.4.0 changes though, and altering configuration to use new features.


Thanks!

-- 
Mike Kazantsev // fraggod.net
