Victor Duchovni wrote: > On Fri, Dec 26, 2008 at 08:25:12AM -0500, Sahil Tandon wrote: > > > sean darcy wrote: > > > > > Victor Duchovni wrote: > > >> On Mon, Dec 22, 2008 at 12:08:20PM -0500, Asif Iqbal wrote: > > >> > > >>> smtp_use_tls = yes > > >>> > > >> > > >> This is obsolete. Set: > > >> > > >> smtp_tls_security_level = encrypt > > >> > > >> or better (given suitable CAfile or CApath): > > >> > > >> smtp_tls_security_level = secure > > >> > > > > > > So where would you get the certificate to authenticate to google or > > > 1and1. > > > > The smtp (client), as opposed to the smtpd (server), does not need a > > certificate to authenticate to google. > > Irrelevant, an SMTP client that wants to verify Google's augthenticity > needs the root CA certificate of the CA that signed Google's cert.
Agreed. My point is that a cert is *not* needed to authenticate to Google's submission service. If, and only if, the client wants to verify authenticity is the signing root's cert required. > Yes the client does not need its own private keys and associated certs, > but that is not the point. It is not the point and thus was not alleged. [...] -- Sahil Tandon <sa...@tandon.net>
