My postfix configuration uses dane-only policies for some domains.
After upgrading from LTS 18.04 to the current developing LTS 20.04 this stopped working.
Compare the following commands:
Ubuntu 18.04:
$ posttls-finger -t30 -T180 -c -L verbose,summary bueren.space
posttls-finger: initializing the client-side TLS engine
posttls-finger: using DANE RR: _25._tcp.www.bueren.space IN TLSA 3 0 1 D7:BC:71:07:19:28:E7:97:F9:86:52:02:EB:90:99:4B:B1:DB:EE:8D:FF:B5:D5:6D:15:B2:D8:AC:25:99:AA:5F
posttls-finger: setting up TLS connection to www.bueren.space[31.15.68.4]:25
Ubuntu 20.04:
$ posttls-finger -t30 -T180 -c -L verbose,summary bueren.space
posttls-finger: initializing the client-side TLS engine
posttls-finger: warning: connect to private/tlsmgr: No such file or directory
posttls-finger: warning: connect to private/tlsmgr: No such file or directory
posttls-finger: warning: problem talking to server private/tlsmgr: No such file or directory
posttls-finger: warning: no entropy for TLS key generation: disabling TLS support
Sending email to these domains stopped working with the following (obviously wrong) error message in mail.log:
to=<email address hidden>, relay=none, delay=2126, delays=2126/0.01/0/0, dsn=4.7.5, status=deferred (non DNSSEC destination)
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: postfix 3.4.10-1
ProcVersionSignature: Ubuntu 5.4.0-18.22-generic 5.4.24
Uname: Linux 5.4.0-18-generic x86_64
ApportVersion: 2.20.11-0ubuntu21
Architecture: amd64
Date: Wed Mar 25 11:22:11 2020
EtcMailname: mail.kivitendo.de
Hostname: www.kivitendo.de
InstallationDate: Installed on 2016-12-14 (1196 days ago)
InstallationMedia: Ubuntu-Server 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.3)
PostconfMydomain: kivitendo-erp.de
PostconfMyhostname: www.kivitendo-erp.de
PostconfMyorigin: /etc/mailname
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=de_DE.UTF-8
SHELL=/bin/bash
ResolvConf:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
nameserver 127.0.0.1
search kivitendo-erp.de
SourcePackage: postfix
UpgradeStatus: Upgraded to focal on 2020-03-02 (23 days ago)