Thanks for your replies.
@andreas: Well, it was a bit hidden in my bug report but the real issue is that postfix doesn't delivers mail to dane-only domains: to=<xxx@bueren.space>, relay=none, delay=2126, delays=2126/0.01/0/0, dsn=4.7.5, status=deferred (non DNSSEC destination) I created one test account you may use to send some local mail to: ubuntu-bug@bueren.space This is valid DANE domain and to reproduce the issue use the following tls policies: smtp_tls_policy_maps = hash:/etc/postfix/tls_policy $ cat /etc/postfix/tls_policy bueren.space dane-only The smtp local client tries to verifiy the TLSA entries by using DNSSEC. I simply use a local unbound DNS server. This setting stopped working after the upgrade. Maybe the posttls-finger is not so important, but this will trouble all mail admins who have some dane-only entries in their policy (Oops, my DNS Server DNSSEC is bogus -> Nope. Probably the other mail server isn't DANE safe anymore -> Nope.). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868955 Title: after upgrade to 20.04: posttls cannot connect to private/tlsmgr To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1868955/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs