Hi misc@, I send this mail just in case someone else encounter the issue.
On OpenBSD 6.8-stable, opensmtpd fails to upgrade to TLSv1.2 when relaying mail to a host with a self-signed certificate. - In maillog the error is: mta tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 mta server-cert-check result="failure". - Check with openssl: openssl s_client -connect smtp.example.com:25 -starttls smtp -> Verify return code: 20 (unable to get local issuer certificate) Whereas the same command on OpenBSD 6.8-current returns: -> Verify return code: 18 (self signed certificate) Upgrading to OpenBSD 6.8-current fixes the issue. Note that this is only an issue when enforcing tls verification in smtpd.conf. Otherwise, in my case, I ended-up being greylisted. Thank you all for your work. Best, -- gjadi PGP : AF26 E9C2 A1C8 8D32 A868 4386 1373 5477 2B65 1894