Hi list!

I have only one peer as nexthop in my transport table. This is my configuration for Postfix SMTP:

> # SMTP TLS
> smtp_use_tls=yes
> smtp_tls_loglevel = 1
> smtp_tls_enforce_peername = no
> smtp_tls_CAfile = /etc/postfix/ssl/CA.pem
> smtp_tls_cert_file=/etc/postfix/ssl/cert.pem
> smtp_tls_key_file=/etc/postfix/ssl/key.pem
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtp_tls_enforce_peername = no
> smtp_tls_mandatory_ciphers = high
> smtp_tls_mandatory_protocols = SSLv3, TLSv1
> smtp_tls_secure_cert_match = nexthop
> smtp_tls_security_level = fingerprint
> smtp_tls_fingerprint_digest = sha1
> smtp_tls_fingerprint_cert_match =
>     D4:A8:07:24:0C:26:B6:D7:9D:AA:CC:CA:77:BA:3A:27:AE:0C:B5:35
> smtp_tls_scert_verifydepth = 1
> smtp_tls_note_starttls_offer = yes
> smtp_sasl_auth_enable = yes
> smtp_sasl_mechanism_filter = plain, login
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options =

... and I still can't get a verified TLS connection with my relayhost.

My CA.pem (smtp_tls_CAfile = /etc/postfix/ssl/CA.pem) has both my self-signed main CA certificate and my nexthop CA in it.

Should I include the directory of all CA certificates in Postfix main.cf?

How can I get a verified TLS connection with my relayhost?

Thanks!

Gab

--
pub 1024D/5C5BE409 2009-04-09
      Key fingerprint = 2BDE 5361 39EA 3E75 9EE8 6724 CE20 F80F 5C5B E409
uid Gabriele (Gab at Riseup.Net) <gabri...@riseup.net>
uid [jpeg image of size 1965]
sub 4096g/078F3AAD 2009-04-09
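An added example, not part of the original post: a small checker for the settings quoted above. At `smtp_tls_security_level = fingerprint`, Postfix decides peer trust by comparing the digest of the server certificate with `smtp_tls_fingerprint_cert_match`, not by CA chain or peer name, so the sketch reports which of the posted parameters do not take part and compares a DER-encoded certificate with the configured list. The function names and the sample text are assumptions made for illustration.

```python
import hashlib

# Constructed sample: a subset of the settings from the post, in main.cf syntax.
SAMPLE_MAIN_CF = """\
smtp_use_tls=yes
smtp_tls_enforce_peername = no
smtp_tls_CAfile = /etc/postfix/ssl/CA.pem
smtp_tls_enforce_peername = no
smtp_tls_secure_cert_match = nexthop
smtp_tls_security_level = fingerprint
smtp_tls_fingerprint_digest = sha1
smtp_tls_fingerprint_cert_match =
    D4:A8:07:24:0C:26:B6:D7:9D:AA:CC:CA:77:BA:3A:27:AE:0C:B5:35
"""

# Not what decides peer trust at fingerprint level: the first two are obsolete
# and overridden by smtp_tls_security_level; the others serve CA-based checks.
NOT_CONSULTED = ("smtp_use_tls", "smtp_tls_enforce_peername",
                 "smtp_tls_CAfile", "smtp_tls_secure_cert_match")

def parse_main_cf(text):
    """Return (settings, duplicates); indented lines continue, last value wins."""
    settings, duplicates, name = {}, [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            settings[name] = (settings[name] + " " + line.strip()).strip()
            continue
        name, _, value = (s.strip() for s in line.partition("="))
        if name in settings:
            duplicates.append(name)
        settings[name] = value
    return settings, duplicates

def not_consulted(settings):
    """Parameters set in the config that do not decide peer trust at this level."""
    fp_level = settings.get("smtp_tls_security_level") == "fingerprint"
    return [p for p in NOT_CONSULTED if fp_level and p in settings]

def fingerprint(der_cert, digest):
    """Colon-separated upper-case digest of the DER-encoded certificate."""
    hexd = hashlib.new(digest, der_cert).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))

def peer_matches(settings, der_cert):
    """Compare the certificate digest with the configured list (case-insensitive)."""
    allowed = settings["smtp_tls_fingerprint_cert_match"].upper().replace(",", " ").split()
    return fingerprint(der_cert, settings["smtp_tls_fingerprint_digest"]) in allowed
```

For a real check, pass `ssl.PEM_cert_to_DER_cert(pem_text)` of the relayhost's certificate as `der_cert`.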