Connection cache limitations


Connection cache limitations

Luca Fornasari
Scenario:
I am managing a Postfix 2.10 installation acting as a hub for
applications sending emails to the internet.
The Postfix installation in turn uses a relayhost that is an A record
resolving to n IP addresses; TLS to the relayhosts is negotiated
opportunistically; anyway, it always succeeds.

I suspect connection caching is not available as per
http://www.postfix.org/CONNECTION_CACHE_README.html
"With Postfix versions < 3.4, the Postfix shared connection cache
cannot be used with TLS, because an open TLS connection can be reused
only in the process that creates it. For this reason, the Postfix
smtp(8) client historically always closed the connection after
completing an attempt to deliver mail over TLS."

Is that true also in case of relayhost?
Also I cannot find in the doc how many email transactions are
performed during an SMTP over TLS connection.

Thanks
Luca Fornasari

Re: Connection cache limitations

Wietse Venema
Luca Fornasari:
> "With Postfix versions < 3.4, the Postfix shared connection cache
> cannot be used with TLS, because an open TLS connection can be reused
> only in the process that creates it. For this reason, the Postfix
> smtp(8) client historically always closed the connection after
> completing an attempt to deliver mail over TLS."
> Is that true also in case of relayhost?

All SMTP deliveries.

> Also I cannot find in the doc how many email transactions are
> performed during an SMTP over TLS connection.

Quoting from above: "the Postfix smtp(8) client historically always
closed the connection after completing an attempt to deliver mail
over TLS." That is one attempt per connection.

With Postfix 3.4 and later, connection reuse is determined by
smtp_connection_reuse_count_limit (default: 0)
smtp_connection_reuse_time_limit (default: 300s)

Plus, connection reuse needs to be turned on for TLS.

        Wietse
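A small check script, added here as an example and not part of the thread, that turns the answer above into a verdict for a given Postfix installation: before 3.4 every TLS delivery gets its own connection; from 3.4 on, reuse also has to be enabled for TLS. It assumes that the parameter Wietse refers to as "turned on for TLS" is smtp_tls_connection_reuse (Postfix 3.4+, default no); the sample values in the test are constructed, and the live path runs only if postconf is installed.

```shell
#!/bin/sh
# Decide whether smtp(8) can reuse a TLS connection to the relayhost.

# version_ge A B: succeed when dotted version A >= B (numeric per field,
# so "3.10.0" > "3.4.0"; suffixes such as "-20230301" are ignored).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        for (i = 1; i <= (n > m ? n : m); i++) {
            xi = (i <= n) ? x[i] + 0 : 0; yi = (i <= m) ? y[i] + 0 : 0;
            if (xi > yi) exit 0; if (xi < yi) exit 1;
        }
        exit 0 }'
}

# tls_reuse_verdict VERSION TLS_REUSE COUNT_LIMIT TIME_LIMIT
# Arguments are the values postconf prints for mail_version,
# smtp_tls_connection_reuse (assumed parameter name),
# smtp_connection_reuse_count_limit and smtp_connection_reuse_time_limit.
tls_reuse_verdict() {
    version="$1"; tls_reuse="$2"; count_limit="$3"; time_limit="$4"
    if ! version_ge "$version" "3.4.0"; then
        # Pre-3.4: smtp(8) always closes after one delivery attempt over TLS.
        echo "one-delivery-per-connection"
        return 0
    fi
    if [ "$tls_reuse" != "yes" ]; then
        # 3.4+ but reuse not turned on for TLS: same behaviour as before.
        echo "reuse-disabled"
        return 0
    fi
    # Reuse is bounded by the count limit (0 = no limit) and time limit.
    echo "reuse-enabled (count limit ${count_limit:-0}, time limit ${time_limit:-300s})"
}

# Live check against the local installation when postconf is available.
if command -v postconf >/dev/null 2>&1; then
    ver=$(postconf -h mail_version)
    reuse=$(postconf -h smtp_tls_connection_reuse 2>/dev/null)
    cnt=$(postconf -h smtp_connection_reuse_count_limit 2>/dev/null)
    tim=$(postconf -h smtp_connection_reuse_time_limit 2>/dev/null)
    tls_reuse_verdict "$ver" "$reuse" "$cnt" "$tim"
fi
```

On a pre-3.4 host such as the 2.10 installation in the question the script prints one-delivery-per-connection regardless of the other settings.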