On 07/09/2023 20:46 EEST Ralph Seichter via dovecot dovecot@dovecot.org wrote:
- Aki Tuomi via dovecot:
I updated the settings a bit on the server as well. Maybe it works better now?
Yes, it does indeed:
Sep 7 19:33:23 ra postfix/smtp[14429]: Trusted TLS connection established to talvi.dovecot.org[2a04:3545:1000:720:acc1:5bff:fe5e:459]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384 Sep 7 19:33:24 ra postfix/smtp[14429]: 1989FBE002A: to=dovecot-request@dovecot.org, relay=talvi.dovecot.org[2a04:3545:1000:720:acc1:5bff:fe5e:459]:25, delay=4.3, delays=0.01/0.01/3.6/0.73, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D22D55DEF4)
Thank you, Aki. Would you be willing to share what was changed in your server's settings and/or certificates? I am still wondering what exactly caused the issue. By the way, I have reverted all TLS-related changes previously used for testing on my end, returning to Postfix's defaults.
-Ralph
Mostly just disabled older TLS stuff and in particular enabled TLSv1.3.
Aki