On 9/25/20 12:18 AM, Viktor Dukhovni wrote: > On Thu, Sep 24, 2020 at 09:26:26PM -0700, PGNet Dev wrote: > I must lodge a complaint on wasting my time here seems your're done, then. thx anyway. > you intimated that just changing openssl.cnf makes the difference. i didn't 'intimate'. i stated so. as that is exactly/only what's changed. and the change it causes has been documented. > But that is clearly not the case, because you're testing different server endpoints, with port > 60465 for the "working" case, and "465" for the non-working case. that's simply not the case as stated 60465 is the dovecot submission port 465 it the postfix submission port the mua submits to dovecot at port 60465 dovecot resubmits to postfix at port 465 that same configuration is used in each/every test. again, the ONLY thing that changed between the 'working' and 'failed' cases is the setting in openssl.cnf I never directly submit to 465 > It seems likely that you don't have TLS wrapper mode on port 60465. port 60465 is, and always has been, configured for implicit SSL -- not starttls usage.
