Mark Watts:
> I think my original question still stands; why do connections to
> one server not generate verification messages, while connections
> to a third server do. Both remote servers have self-signed ssl
> certificates.
Wietse:
> Presumably, those certificates are signed with different keys. I
> run tests with self-signed certificates and never see complaints,
> because the clients know the signing key.
Mark Watts:
> The client (the sending postfix server) in this case does not know
> about *any* signing keys used by the remote servers for their ssl
> certificates.
One thing to keep in mind is that recent Postfix versions don't
necessarily exchange certificates (also known as anonymous TLS).
We could speculate forever on what is happening, or you could make
a proper recording and let the data speak for itself.
Wietse
