Re: 3.4-20180605-nonprod tlsproxy permissions

2018-06-13 Thread Wietse Venema
Noel Jones:
> On 6/13/2018 11:19 AM, Viktor Dukhovni wrote:
> >
> >
> >> On Jun 13, 2018, at 12:09 PM, Noel Jones wrote:
> >>
> >> Maybe tlsproxy is dropping permissions too soon?
> >
> > Because it serves multiple SMTP delivery agents, with
> > potentially different client certs, it can't obta

Re: 3.4-20180605-nonprod tlsproxy permissions

2018-06-13 Thread Noel Jones
On 6/13/2018 11:19 AM, Viktor Dukhovni wrote:
>
>
>> On Jun 13, 2018, at 12:09 PM, Noel Jones wrote:
>>
>> Maybe tlsproxy is dropping permissions too soon?
>
> Because it serves multiple SMTP delivery agents, with
> potentially different client certs, it can't obtain
> the certs in advance. Th

Re: 3.4-20180605-nonprod tlsproxy permissions

2018-06-13 Thread Viktor Dukhovni
> On Jun 13, 2018, at 12:09 PM, Noel Jones wrote:
>
> Maybe tlsproxy is dropping permissions too soon?

Because it serves multiple SMTP delivery agents, with potentially different client certs, it can't obtain the certs in advance. The solution is to serialize the client cert and key and pass

3.4-20180605-nonprod tlsproxy permissions

2018-06-13 Thread Noel Jones
Using postfix 3.4-20180605-nonprod as a gateway to an internal server, with a tls policy of "secure". 3.4-20180605-nonprod has been running *without* connection reuse for a couple days error-free. When I set smtp_tls_connection_reuse=yes, I get:

Jun 13 10:53:29 mgate3 postfix/tlsproxy[93495]: wa