On 12/3/23 12:29, Jeremy Ardley wrote:
On 12/3/23 08:48, jeremy ardley wrote:
Received: from edge.bronzemail.com
(2403-5800-c000-1b7-f3d4-d970-ca28-bf4f.ip6.aussiebb.net
[IPv6:2403:5800:c000:1b7:f3d4:d970:ca28:bf4f])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
client-signature RSA-PSS (2048 bits))
(Client CN "edge.bronzemail.com", Issuer "R3" (not verified))
by mail.bronzemail.com (Postfix) with ESMTPS id 48D60860222
for <jer...@ardley.org>; Sun, 12 Mar 2023 08:41:44 +0800 (AWST)
Jeremy
I have found that correcting my main.cf to use the correct directory
and ca bundle improves things
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Received: from edge.bronzemail.com
(2403-5800-c000-1b7-f3d4-d970-ca28-bf4f.ip6.aussiebb.net
[IPv6:2403:5800:c000:1b7:f3d4:d970:ca28:bf4f])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "edge.bronzemail.com", Issuer "R3" (verified OK))
by mail.bronzemail.com (Postfix) with ESMTPS id A883C860225
for <jer...@ardley.org>; Sun, 12 Mar 2023 12:25:12 +0800 (AWST)
Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com
[209.85.215.175])
(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
by edge.bronzemail.com (Postfix) with ESMTPS id 70CF54037F
for <jer...@ardley.org>; Sun, 12 Mar 2023 12:25:11 +0800 (AWST)
Slightly off topic I found these files. They seem to not be used as they
aren't links to /usr/share/ca-certificates/mozilla/*
/etc/ssl/certs/dhparam.pem
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
/etc/ssl/certs/ca-certificates.crt
/etc/ssl/certs/635ccfd5.0
/etc/ssl/certs/ssl-cert-snakeoil.pem
/etc/ssl/certs/add67345.0
/etc/ssl/certs/0c31d5ce
/etc/ssl/certs/f081611a.1
/etc/ssl/certs/7651b327.1
/etc/ssl/certs/c19d42c7.0
/etc/ssl/certs/bcdd5959.0
/etc/ssl/certs/1c7314a2
/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem
/etc/ssl/certs/NetLock_Notary_=Class_A=_Root.pem
/etc/ssl/certs/d64f06f3.0
/etc/ssl/certs/NetLock_Business_=Class_B=_Root.pem
/etc/ssl/certs/97552d04.0
/etc/ssl/certs/Sonera_Class_1_Root_CA.pem
/etc/ssl/certs/cdaebb72.0
/etc/ssl/certs/6554cdcf.0
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA.pem
/etc/ssl/certs/72fa7371.0
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_2.pem
/etc/ssl/certs/NetLock_Qualified_=Class_QA=_Root.pem
/etc/ssl/certs/UbuntuOne-Go_Daddy_CA.pem
/etc/ssl/certs/NetLock_Express_=Class_C=_Root.pem
/etc/ssl/certs/415660c1.1
/etc/ssl/certs/755f7420.0
/etc/ssl/certs/UbuntuOne-Go_Daddy_Class_2_CA.pem
/etc/ssl/certs/8317b10c.0
/etc/ssl/certs/UbuntuOne-ValiCert_Class_2_VA.pem
/etc/ssl/certs/5a5372fc.0
/etc/ssl/certs/CA_Disig.pem
is it safe to remove them?
--
Jeremy
(Lists)