>> CA certificate (root certificate) is installed on MUAs? If not MUA
>> can't validate server certificate.
>>
>>--
>>Reinaldo de Carvalho
>
> Yes, the clients have the CA cert and do properly validate the server
> certificate.
>
> That raises the question why the server logs the TLS connection as
> Anonymous. Maybe because postfix doesn't ask for a client certificate
> (smtpd_tls_ask_ccert = no; smtpd_tls_req_ccert = no)?
>
> It appears that all my smtpd (server) TLS connections are logged as
> Anonymous, while all my postfix smtp (client) TLS connections are logged as
> either "Trusted" or "Untrusted".
>
> --
> Noel Jones
>

Yes, if smtpd_tls_ask_ccert=no all connections are anonymous. (The TLS client
(MUA) doesn't send a certificate if it is not requested.)

If smtpd_tls_ask_ccert=yes, the client certificate can be used.

If smtpd_tls_req_ccert=yes, a client certificate is required in all
connections (useful for submission only).

--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net
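
An added example, not part of the original thread: a small Python script that tallies the Anonymous/Trusted/Untrusted labels discussed above per Postfix daemon and lists the handshakes worth reviewing. The log lines are constructed, the line format is an assumption based on the labels quoted in the thread, and the function names and finding names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread); the log format is assumed.
SAMPLE_LOG = """\
Jan 10 09:00:01 mx postfix/smtpd[2101]: Anonymous TLS connection established from mua1.example.com[192.0.2.10]: TLSv1 with cipher AES256-SHA (256/256 bits)
Jan 10 09:00:07 mx postfix/smtpd[2101]: Anonymous TLS connection established from mua2.example.com[192.0.2.11]: TLSv1 with cipher AES256-SHA (256/256 bits)
Jan 10 09:01:12 mx postfix/smtp[2110]: Trusted TLS connection established to mail.example.net[198.51.100.5]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
Jan 10 09:02:30 mx postfix/smtp[2111]: Untrusted TLS connection established to mail.example.org[203.0.113.9]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
Jan 10 09:03:00 mx postfix/smtpd[2101]: connect from mua1.example.com[192.0.2.10]
"""

# Captures the daemon name, the trust label and the peer of a handshake line.
TLS_LINE = re.compile(
    r"postfix(?:/[\w-]+)*/(?P<daemon>smtpd|smtp)\[\d+\]: "
    r"(?P<label>\w+) TLS connection established "
    r"(?:from|to) (?P<peer>[^\[]+)\["
)

def handshakes(log_text):
    """Yield (daemon, label, peer) for each TLS handshake line."""
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if m:
            yield m["daemon"], m["label"], m["peer"]

def tally(log_text):
    """Count handshakes per (daemon, label) pair."""
    return Counter((d, l) for d, l, _ in handshakes(log_text))

def review(log_text, ask_ccert=False):
    """List handshakes worth a look, given the smtpd_tls_ask_ccert setting."""
    findings = []
    for daemon, label, peer in handshakes(log_text):
        if daemon == "smtp" and label == "Untrusted":
            # Outbound: the remote server's certificate was not trusted.
            findings.append(("outbound-unverified", peer))
        elif daemon == "smtpd" and label == "Anonymous" and ask_ccert:
            # Assumption: with ask_ccert=yes, Anonymous means the client
            # was asked for a certificate and presented none.
            findings.append(("client-sent-no-cert", peer))
    return findings

if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLE_LOG).items()):
        print(key, n)
    print(review(SAMPLE_LOG))
```

With `ask_ccert=False` (the configuration in the thread), Anonymous smtpd entries are expected and are not reported.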