Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Viktor Dukhovni
On Wed, Oct 15, 2014 at 05:38:55PM -0400, Wietse Venema wrote:
> Viktor Dukhovni:
> > On Wed, Oct 15, 2014 at 04:54:55PM -0400, Wietse Venema wrote:
> > >
> > > > + } else if (session->tls->level != TLS_LEV_NONE) {
> > >
> > > That should be: session->tls->level > TLS_LEV_MAY, i.e. the condit

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Wietse Venema
Viktor Dukhovni:
> On Wed, Oct 15, 2014 at 04:54:55PM -0400, Wietse Venema wrote:
> >
> > > + } else if (session->tls->level != TLS_LEV_NONE) {
> >
> > That should be: session->tls->level > TLS_LEV_MAY, i.e. the condition
> > that "TLS is required".
>
> Actually, we also need to call smtp_

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Viktor Dukhovni
On Wed, Oct 15, 2014 at 04:54:55PM -0400, Wietse Venema wrote:
>
> > + } else if (session->tls->level != TLS_LEV_NONE) {
>
> That should be: session->tls->level > TLS_LEV_MAY, i.e. the condition
> that "TLS is required".

Actually, we also need to call smtp_tls_trouble with MAY, when the failure

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Wietse Venema
Wietse Venema:
> Viktor Dukhovni:
> > On Wed, Oct 15, 2014 at 04:06:11PM -0400, Wietse Venema wrote:
> > > Does this mean that smtp_trouble() is called when TLS is "none"?
> >
> > Yes, unfortunately when STARTTLS is offered, but not used. As a
> > safety measure we could add an early return to s

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Wietse Venema
Viktor Dukhovni:
> On Wed, Oct 15, 2014 at 04:06:11PM -0400, Wietse Venema wrote:
> > Does this mean that smtp_trouble() is called when TLS is "none"?
>
> Yes, unfortunately when STARTTLS is offered, but not used. As a
> safety measure we could add an early return to smtp_trouble and
> not call

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Viktor Dukhovni
On Wed, Oct 15, 2014 at 04:06:11PM -0400, Wietse Venema wrote:

> > Oops, ignoring a STARTTLS offer with "level = none" misfires as a
> > local configuration error:
> >
> > diff --git a/src/smtp/smtp_trouble.c b/src/smtp/smtp_trouble.c
> > index c323a91..044ab3a 100644
> > --- a/src/smtp/smtp_trou

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Wietse Venema
Viktor Dukhovni:
> On Wed, Oct 15, 2014 at 02:00:35PM -0400, Wietse Venema wrote:
>
> > This means the host announced STARTTLS, smtp_tls_ctx was non-null, and
> > the TLS level was "none".
>
> Oops, ignoring a STARTTLS offer with "level = none" misfires as a
> local configuration error:
>
> dif

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Viktor Dukhovni
On Wed, Oct 15, 2014 at 02:00:35PM -0400, Wietse Venema wrote:

> This means the host announced STARTTLS, smtp_tls_ctx was non-null, and
> the TLS level was "none".

Oops, ignoring a STARTTLS offer with "level = none" misfires as a
local configuration error:

diff --git a/src/smtp/smtp_trouble.c b

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Wietse Venema
Viktor Dukhovni:
> On Wed, Oct 15, 2014 at 11:08:19AM +0200, Ralf Hildebrandt wrote:
>
> > * Ralf Hildebrandt :
> > > Since my upgrade to 2.12-20141013, I'm getting an unusual amount of those
> > > in my mailq output:
> >
> > With 2.12-20141001 (same config!)
> >
> > Oct 15 11:05:34 mail2 postf

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Viktor Dukhovni
On Wed, Oct 15, 2014 at 11:08:19AM +0200, Ralf Hildebrandt wrote:

> * Ralf Hildebrandt :
> > Since my upgrade to 2.12-20141013, I'm getting an unusual amount of those
> > in my mailq output:
>
> With 2.12-20141001 (same config!)
>
> Oct 15 11:05:34 mail2 postfix/smtp[5903]: Host offered STARTTL

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Ralf Hildebrandt
* Ralf Hildebrandt :
> * Ralf Hildebrandt :
> > Since my upgrade to 2.12-20141013, I'm getting an unusual amount of those
> > in my mailq output:
>
> With 2.12-20141001 (same config!)

I *JUST* found that the change was introduced between postfix-2.12-20141009 (working) and postfix-2.12-20141011

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Ralf Hildebrandt
* A. Schulze :
>
> Ralf Hildebrandt:
>
> >When I have more time I can test other versions in between.
>
> you may force problematic destination to plaintext (smtp_tls_policy_maps) or
> ignore the STARTTLS announcement (smtp_discard_ehlo_keyword_address_maps)

Well yes.

> both not perfect but w

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread A. Schulze
Ralf Hildebrandt:

>When I have more time I can test other versions in between.

you may force problematic destination to plaintext (smtp_tls_policy_maps) or
ignore the STARTTLS announcement (smtp_discard_ehlo_keyword_address_maps)

both not perfect but workarounds ...

Andreas

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

2014-10-15 Thread Ralf Hildebrandt
* Ralf Hildebrandt :
> Since my upgrade to 2.12-20141013, I'm getting an unusual amount of those in
> my mailq output:

With 2.12-20141001 (same config!)

Oct 15 11:05:34 mail2 postfix/smtp[5903]: Host offered STARTTLS: [smtp.entelnet.bo]
Oct 15 11:05:35 mail2 postfix/smtp[5903]: 3jHGY70x2gzBs34: