On 13/05/20 00:34 -0400, Viktor Dukhovni wrote:
an SSL_ERROR_WANT_READ. You need to try an updated OpenSSL.
Thanks for your insights. I'm trying new things to try to improve my understanding of the issue.

I juggled around some versions. Bumped to libssl 1.1.1g, restarted postfix, problem persisted. I also went to postfix 3.5.1 (out of curiosity, after downgrading back to libssl 1.1.1d) to no avail.

I'm not experiencing any other issues (that I know of) on the machine in which TLS is used heavily by other programs with greater activity than postfix. This problem distinctly began immediately after the upgrade (postfix 3.1.14 -> 3.4.10, libssl 1.1.0l -> 1.1.1d). This is not to say that the issue is definitely with postfix, just to give more information.

The pattern in which an email fails due to this issue, and then succeeds upon immediately being resent is most perplexing. This is repeatable and suggests that there's some state persisting somewhere.

Further, I just tried sending an email from one address via a web-based client (it failed) and immediately sending from my normal MUA, to try to isolate where that state persistence might be. It failed on both, *however*, I realized that I had forgotten to change my MUA's port back to 587 (from 588). I changed it to 587, and repeated this test, and to my surprise, the web-based client failed but the MUA succeeded.

It seems like one fix, which is beyond ugly, could be to set up an email to be sent every 5 seconds through the mail server to keep the "TLS warning" state warm, allowing real emails to get through via TLS on their first attempt.

As not every mail server immediately retries not over TLS upon a TLS failure, this issue is impacting delivery to a non-insignificant extent.

Alexander