On 2025/11/21 13:30, Viktor Dukhovni via Postfix-users wrote:
> On Fri, Nov 21, 2025 at 09:55:04AM +0200, Edmund Lodewijks via Postfix-users
> wrote:
> That's basically correct, though a tiny minority of misguided senders
> might fall back to cleartext when opportunistic TLS doesn't authenticate
> the server.
That would be a pitty. I guess I must keep an eye on the logs for a bit.
> Just a self-signed end-entity certificate is sufficient.
Thank you. Done. This should arrive safely.
> The word "any" leaves room for there being "none".
Fair enough. With DANE enabled, this wasn't something I was wanting to
experiment with.
You have an interesting first certificate on your server.. :)
Kind regards, and thank you for your constant sharing of your knowledge
(that goes for many on this and other lists!).
Edmund
--
Edmund Lodewijks <[email protected]>
TZ: UCT+2 / GMT+2
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
