On Wednesday 19 November 2008 13:42:59 Noel Jones wrote:
> Mark Watts wrote:
> >> When you're sending mail, no client certificate is requested.
> >> Your postfix doesn't know (and doesn't care) that the client
> >> has a self-signed certificate.
>
> Ooops, spoke backwards there. When you receive mail (the
> smtpd server) no certificate is requested, so no certificate
> verification is performed and no complaints are logged.
>
> > Indeed, but it's the *remote servers* that have self-signed certificates.
> > The originating server doesn't have any certificates at all.
> > I've simply configured "smtp_use_tls = yes" and "smtp_tls_loglevel = 1".
> > The logs are from the originating server.
>
> Right.

I think my original question still stands: why do connections to one server not generate verification messages, while connections to a third server do? Both remote servers have self-signed SSL certificates.

Real logs from the sending server:

[This is a single mail sent to recipients at both domains, both of which have self-signed SSL certificates]

Nov 19 13:46:18 mailr postfix/smtpd[25668]: connect from internal[128.98.2.2]
Nov 19 13:46:18 mailr postfix/smtpd[25668]: C9B7C8CCD7: client=internal[128.98.2.2]
Nov 19 13:46:18 mailr postfix/smtpd[25732]: connect from internal[128.98.2.2]
Nov 19 13:46:18 mailr postfix/smtpd[25732]: CF0BE8CCD8: client=internal[128.98.2.2]
Nov 19 13:46:18 mailr postfix/cleanup[25730]: C9B7C8CCD7: message-id=<[EMAIL PROTECTED]>
Nov 19 13:46:18 mailr postfix/qmgr[22680]: C9B7C8CCD7: from=<[EMAIL PROTECTED]>, size=1726, nrcpt=1 (queue active)
Nov 19 13:46:18 mailr postfix/smtpd[25668]: disconnect from internal[128.98.2.2]
Nov 19 13:46:18 mailr postfix/cleanup[25734]: CF0BE8CCD8: message-id=<[EMAIL PROTECTED]>
Nov 19 13:46:18 mailr postfix/qmgr[22680]: CF0BE8CCD8: from=<[EMAIL PROTECTED]>, size=1725, nrcpt=1 (queue active)
Nov 19 13:46:18 mailr postfix/smtpd[25732]: disconnect from internal[128.98.2.2]
Nov 19 13:46:19 mailr postfix/smtp[25735]: setting up TLS connection to burn.qinetiq.com
Nov 19 13:46:19 mailr postfix/smtp[25735]: certificate verification failed for burn.qinetiq.com: num=18:self signed certificate
Nov 19 13:46:19 mailr postfix/smtp[25735]: Unverified: subject_CN=burn.qinetiq.com, issuer=burn.qinetiq.com
Nov 19 13:46:19 mailr postfix/smtp[25735]: TLS connection established to burn.qinetiq.com: TLSv1 with cipher AES256-SHA (256/256 bits)
Nov 19 13:46:19 mailr postfix/smtp[25735]: CF0BE8CCD8: to=<[EMAIL PROTECTED]>, relay=burn.qinetiq.com[192.102.214.28]:25, delay=0.74, delays=0.07/0.02/0.46/0.2, dsn=2.0.0, status=sent (250 ok 1227102371 qp 26972 by burn.qinetiq.com)
Nov 19 13:46:19 mailr postfix/qmgr[22680]: CF0BE8CCD8: removed
Nov 19 13:46:19 mailr postfix/smtp[25731]: setting up TLS connection to mail.linux-corner.info
Nov 19 13:46:20 mailr postfix/smtp[25731]: TLS connection established to mail.linux-corner.info: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Nov 19 13:46:22 mailr postfix/smtp[25731]: C9B7C8CCD7: to=<[EMAIL PROTECTED]>, relay=mail.linux-corner.info[209.20.80.102]:25, delay=3.3, delays=0.06/0/1.3/1.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 78ABD12C24D)
Nov 19 13:46:22 mailr postfix/qmgr[22680]: C9B7C8CCD7: removed

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg
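
An added example, not part of the original message: a short Python script that reads the smtp client lines from the log above and pairs each destination's negotiated cipher with any logged verification failure. It relies on the OpenSSL naming convention that ADH-/AECDH- suites use anonymous key exchange, in which the server sends no certificate; the function names are illustrative.

```python
import re
from collections import defaultdict

# Log lines taken from the message above (timestamp and host prefix trimmed).
SAMPLE_LOG = """\
postfix/smtp[25735]: setting up TLS connection to burn.qinetiq.com
postfix/smtp[25735]: certificate verification failed for burn.qinetiq.com: num=18:self signed certificate
postfix/smtp[25735]: Unverified: subject_CN=burn.qinetiq.com, issuer=burn.qinetiq.com
postfix/smtp[25735]: TLS connection established to burn.qinetiq.com: TLSv1 with cipher AES256-SHA (256/256 bits)
postfix/smtp[25731]: setting up TLS connection to mail.linux-corner.info
postfix/smtp[25731]: TLS connection established to mail.linux-corner.info: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
"""

VERIFY_FAILED = re.compile(r"certificate verification failed for (\S+): (.+)$")
ESTABLISHED = re.compile(r"TLS connection established to (\S+): (\S+) with cipher (\S+)")

# OpenSSL names anonymous (certificate-less) key exchange suites ADH-* / AECDH-*.
ANON_PREFIXES = ("ADH-", "AECDH-")


def summarize(log_text):
    """Return {host: {"cipher", "anonymous", "verify_error"}} for smtp client sessions."""
    sessions = defaultdict(lambda: {"cipher": None, "anonymous": False, "verify_error": None})
    for line in log_text.splitlines():
        m = VERIFY_FAILED.search(line)
        if m:
            sessions[m.group(1)]["verify_error"] = m.group(2)
            continue
        m = ESTABLISHED.search(line)
        if m:
            host, cipher = m.group(1), m.group(3)
            sessions[host]["cipher"] = cipher
            sessions[host]["anonymous"] = cipher.startswith(ANON_PREFIXES)
    return dict(sessions)


def explain(info):
    """Turn one session summary into a one-line reason for what was (not) logged."""
    if info["anonymous"]:
        return "anonymous cipher: server sent no certificate, so nothing was verified"
    if info["verify_error"]:
        return "certificate presented but untrusted: " + info["verify_error"]
    return "certificate presented and no verification failure logged"


if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(f"{host}: {info['cipher']} -> {explain(info)}")
```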