[pfx] Re: [ext] list.sys4.de fails with starttls

Patrick Ben Koetter via Postfix-users Sun, 17 Sep 2023 09:21:31 -0700

STARTTLS should be back to normal again. My tests suceeded and I'll give it
another shot when I'm home. At the moment I'm on a rather longish train ride
and internet is shaky - at best.


Yesterday we upgraded LE certs and it seems – we haven't had time to
investigate in that yet – SELinux bite Postfix where it shouldn't.
Astonishingly SELinux has been running like that for 193 days and the problem
should have occurred long time before we exchanged the LE cert. But all of
what I'm writing is rumor and none has been proven. I'll write more when we
have proven what went wrong.

p@rick



* Wietse Venema via Postfix-users <wie...@porcupine.org>:
> In my case, all STARTTLS commands fail. Delivery succeeds after re-connecting 
> with plaintext.
> Apparently, not all connections are retried in plaintext.
> 
> To work around one could say:
> 
>     smtpd_discard_ehlo_keyword_address_maps = cidr:{
>       {188.68.34.52 starttls}
>       {2a03:4000:10:51d:b8ce:63ff:feca:a5a0 starttls}}
> 
> I'll reach out to sys4.de people.
> 
>       Wietse
> 
> SMTP server logging shows that all STARTTLS commands fail (starttls=0/1)
> and that plaintext succeeds (no starttls= logging).
> 
> $ grep 'disconnect from list.sys4.de' /var/log/maillog
> Sep 17 01:58:07 spike postfix/smtpd[53249]: disconnect from 
> list.sys4.de[188.68.34.52] ehlo=1 starttls=0/1 commands=1/2
> Sep 17 01:58:08 spike postfix/smtpd[53249]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 02:07:57 spike postfix/smtpd[53309]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 02:07:58 spike postfix/smtpd[53309]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 mail=1 rcpt=1 
> data=1 quit=1 commands=5
> Sep 17 08:27:52 spike postfix/smtpd[56501]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 08:27:53 spike postfix/smtpd[56501]: disconnect from 
> list.sys4.de[188.68.34.52] ehlo=1 starttls=0/1 commands=1/2
> Sep 17 08:37:49 spike postfix/smtpd[56537]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 08:37:50 spike postfix/smtpd[56537]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 mail=1 rcpt=1 
> data=1 quit=1 commands=5
> Sep 17 09:08:54 spike postfix/smtpd[56707]: disconnect from 
> list.sys4.de[188.68.34.52] ehlo=1 starttls=0/1 commands=1/2
> Sep 17 09:08:55 spike postfix/smtpd[56707]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 09:19:01 spike postfix/smtpd[56772]: disconnect from 
> list.sys4.de[188.68.34.52] ehlo=1 starttls=0/1 commands=1/2
> Sep 17 09:19:02 spike postfix/smtpd[56772]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 09:22:12 spike postfix/smtpd[56805]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 09:22:13 spike postfix/smtpd[56805]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 mail=1 rcpt=1 
> data=1 quit=1 commands=5
> Sep 17 09:25:49 spike postfix/smtpd[56825]: disconnect from 
> list.sys4.de[188.68.34.52] ehlo=1 starttls=0/1 commands=1/2
> Sep 17 09:25:50 spike postfix/smtpd[56825]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 09:27:01 spike postfix/smtpd[56825]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 09:27:04 spike postfix/smtpd[56825]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 mail=1 rcpt=1 
> data=1 quit=1 commands=5
> Sep 17 09:37:30 spike postfix/smtpd[56866]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 09:37:31 spike postfix/smtpd[56866]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 mail=1 rcpt=1 
> data=1 quit=1 commands=5
> Sep 17 09:49:18 spike postfix/smtpd[56909]: disconnect from 
> list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] ehlo=1 starttls=0/1 
> commands=1/2
> Sep 17 09:49:19 spike postfix/smtpd[56909]: disconnect from 
> list.sys4.de[188.68.34.52] ehlo=1 starttls=0/1 commands=1/2
> Sep 17 09:57:20 spike postfix/smtpd[56945]: disconnect from 
> list.sys4.de[188.68.34.52] ehlo=1 starttls=0/1 commands=1/2
> Sep 17 09:57:22 spike postfix/smtpd[56945]: disconnect from 
> list.sys4.de[188.68.34.52] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
> 
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [ext] list.sys4.de fails with starttls

Reply via email to