Upon further investigation, apparently mail is not moving. There seems to be 2 domains associated with this site but I was only asked to enforce TLS on one of them. That is why it appeared to be working. Getting back to Chris' comments, I think setting the security level to 'encrypt' forces everything to be TLS and that will not work. I need it to work as I previously described.
On Jan 11, 2010, at 11:27 AM, Dennis Putnam wrote: > Hi Chris, > > Thanks for the reply. Please see embedded comments. > > On Jan 11, 2010, at 11:11 AM, Christoph Anton Mitterer wrote: > >> On Mon, 2010-01-11 at 11:04 -0500, Dennis Putnam wrote: >>> I want to enforce TLS but I don't care what certificate the receiver >>> uses. Thanks. >> Apart from the fact that enforcing TLS with SMTP is usually a bad idea, >> setting the >> smtp_tls_security_level = encrypt >> should usually do what you mean, enforce TLS with the remote SMTP >> server, but accept untrusted certs or even those with a wrong name. > > I don't get to choose, I just have to do it. How these parameters work is > still a little confusing to me. I have smtpd and smtp security levels set to > 'may.' What I am trying to do it set up opportunistic TLS except for specific > hosts that I need to enforce (smtp_tls_per_site). What I noticed is that this > one site was using Thawte as the signing authority. I tried adding their root > certificate to my config and now the error has changed to a warning about > untrusted TLS connection but the mail seems to be moving now. Did I stumble > on to a fix or am I still missing something? > >> >> >>> The information contained in this e-mail and any attachments is >>> strictly confidential. If you are not the intended recipient, any use, >>> dissemination, distribution, or duplication of any part of this e-mail >>> or any attachment is prohibited. If you are not the intended >>> recipient, please notify the sender by return e-mail and delete all >>> copies, including the attachments. >> There is (at least in most countries) no legal ground for so called >> "disclaimers".... and they're quite stupid and annoying when sending >> them to public mailing lists. > > I am quite familiar with the arguments but again it is not my choice. If you > want, I can give you the number of our corporate lawyers and you can try to > convince them. Perhaps you will have better luck than me. :-) > >> >> >> >> Cheers, >> Chris. > > > > Dennis Putnam > Sr. IT Systems Administrator > > AIM Systems, Inc. > 11675 Rainwater Dr., Suite 200 > Alpharetta, GA 30009 > Phone: 678-240-4112 > Main Phone: 678-297-0700 > FAX: 678-297-2666 or 770-576-1000 > The information contained in this e-mail and any attachments is strictly > confidential. If you are not the intended recipient, any use, dissemination, > distribution, or duplication of any part of this e-mail or any attachment is > prohibited. If you are not the intended recipient, please notify the sender > by return e-mail and delete all copies, including the attachments. > > > Dennis Putnam Sr. IT Systems Administrator AIM Systems, Inc. 11675 Rainwater Dr., Suite 200 Alpharetta, GA 30009 Phone: 678-240-4112 Main Phone: 678-297-0700 FAX: 678-297-2666 or 770-576-1000 The information contained in this e-mail and any attachments is strictly confidential. If you are not the intended recipient, any use, dissemination, distribution, or duplication of any part of this e-mail or any attachment is prohibited. If you are not the intended recipient, please notify the sender by return e-mail and delete all copies, including the attachments.
