Victor Duchovni wrote:
On Mon, Sep 14, 2009 at 09:11:43PM -0400, sean darcy wrote:
This is way simpler than any of the howto's for gmail relay access. Or the
TLS_README.
It's weird how everyone make this so complicated.
Which part of TLS_README led you astray? In the section on client certificates:
http://www.postfix.org/TLS_README.html#client_cert_key
the first paragraph, reads:
Do not configure Postfix SMTP client certificates unless you must present
client TLS certificates to one or more servers. Client certificates are
not usually needed, and can cause problems in configurations that work
well without them. The recommended setting is to let the defaults stand:
smtp_tls_cert_file =
smtp_tls_dcert_file =
smtp_tls_key_file =
smtp_tls_dkey_file =
# Postfix >= 2.6
smtp_tls_eccert_file =
smtp_tls_eckey_file =
The best way to use the default settings is to comment out the above
parameters in main.cf if present.
I thought this would serve the intended goal of helping people to avoid
unnecessary SMTP client certificates.
I was lead astray by various howto's on how to setup the google relay.
All the ones I saw included setting up the client TLS certificates.
Therefore I assumed they must be presented. Not so.
sean
