|Main Archive Page > Month Archives > postfix-users archives|
On Wed, Oct 27, 2010 at 01:54:29AM +0200, Laurent CARON wrote:
> On Tue, Oct 26, 2010 at 03:48:57PM -0400, Victor Duchovni wrote:
> > On Tue, Oct 26, 2010 at 11:40:49AM +0200, Laurent CARON wrote:
> > > smtpd_tls_ask_ccert = yes
> > Consider turning this off, unless you really make use of client certs,
> > the client may not have a cert, and may give up for that reason.
> Hi Victor,
> You're right. The culpirt was "smtpd_tls_ask_ccert = yes".
> Removed it, restarted postfix to make sure all SSL sessions went down,
> and the mail flow is back to normal.
> It is strange this misbehavior appeared after upgrading.
If the configuration was the same with 2.4.5, it did not appear after
the upgrade, rather you were testing/looking harder, and the mix
of clients or client software versions may have also changed since
you last looked closely. The on-the-wire behaviour of ask_ccert
has not changed, and Postfix 2.4 fully supports this feature.