Hi,

I'm afraid I don't understand what the directive smtp_tls_CAfile does
exactly. According to postconf(5),

> smtp_tls_CAfile (default: empty)
>   The file with the certificate of the certification authority (CA)  that
>   issued  the  Postfix SMTP client certificate.  This is needed only when
>   the CA certificate is not already present  in  the  client  certificate
>   file.

So this should not be used to verify a server's certificate. In
practice, if the file pointed to by smtp_tls_CAfile is a concatenation
of CA's certificates, then they are all used to verify the server's
certificate.

OTOH, server certificate verification should be done against
certificates in the directory indicated by smtp_tls_CApath. For some
reason, I didn't manage to get it working (and yes, I ran c_rehash on
this directory).

Does anyone have any idea why I can't get this directive working?

My servers are finally working as I want wrt TLS, but I feel very
uncomfortable with this situation: the directive which should do the job
according to the manual doesn't work, and the directive which shouldn't do
it, does it.

Did I misunderstand something in the manual? If not, may I suggest
updating either the manual or the code so that they match?

Thanks,
Manuel.