On Mon, Dec 04, 2023 at 07:20:08PM +1100, duluxoz via Postfix-users wrote:
> This issue is definitely SELinux related, because it only crops up when
> SELinux is enabled.
>
> I'm getting a `TLS handshake failed for service=smtp
> peer=[104.199.96.85]:587` error when attempting to rely via mailjet (that's
> who's IP that is) and also brevo/sendinblue.
>
> Any one have any ideas (apart from disabling SELinux - that is *NOT* an
> option) :-)
It should be of course, but in the meantime, it would most productive if
you shared your configuration settings. That is, the outputs of:
$ postconf -nf
and
$ postconf -Mf
making sure to not change the spaces or line breaks.
> @Vicktor: you mentioned in a previous reply (which I can't find) about
> someone else having an SELinux issue around postfix's smtp(8)/relay process
> (I think) when I asked a related Q before.
SELinux was preventing "tlsproxy" from opening the client certificate
file. Patrick had client certificates configured for use even with
remote systems where there was no access to be gained based on such
client credentials. I recommend against configuring client certificates
as a default.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
