On 5/10/2010 10:30 AM, Dave O'Larte wrote:
I'm trying to enable TLS client fingerprint checking on Postfix - that
is, I want Postfix, acting as a server, to check the fingerprint of
clients trying to connect against a table of cert fingerprints.
From the Postfix logfile, TLS is working, client certs are being
requested, but I can't get Postfix to do the fingerprint check.
In a nutshell, Postfix doesn't seem to pay any attention at all to the
following line in main.cf:
smtpd_client_restrictions=permit_tls_clientcerts,warn_if_reject,reject
I can put gibberish in the right side of the above main.cf
parameter and Postfix doesn't seem to pay any attention.
"postconf -n" shows that the parameter was correctly read from main.cf.
master.cf does not override this value.
This is on an Ubuntu 9.10 system, running Postfix v 2.6.5.
The frustrating thing is, I can get this to work on other Ubuntu systems
running the same version of Postfix, so obviously I'm doing something wrong.
Anyone know of a reason Postfix would ignore "smtpd_client_restrictions"?
As this is the first time I've ever tried to post a Postfix question,
please don't hesitate to let me know if there's a better way to post
such a newb question ...
Dave
http://www.postfix.org/DEBUG_README.html#mail
Show us your "postconf -n" and non-comment entries in master.cf.
Are you sure you're editing the right main.cf? Maybe you have
multiple postfix installations. Run "find / -name main.cf
-ls" to make sure. Also, postfix/master logs the
configuration directory when postfix starts or reloads.
-- Noel Jones
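
The check suggested in the reply, extended into an added example (not part of the original thread or of Postfix): it lists every main.cf under a search root together with the value each one gives a parameter, applying the main.cf rules for comments, continuation lines and repeated definitions. The function names `main_cf_value`, `audit_main_cf` and `demo` are hypothetical, and the two sample files are constructed.

```shell
# Print PARAM's effective value in FILE, following main.cf syntax: blank and
# '#' lines are ignored, a line starting with whitespace continues the
# previous logical line, and the last definition of a parameter wins.
main_cf_value() {  # usage: main_cf_value FILE PARAM
    awk -v want="$2" '
        function trim(s) { gsub(/^[ \t]+/, "", s); gsub(/[ \t]+$/, "", s); return s }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (name != "") val[name] = val[name] " " trim($0); next }
        {
            eq = index($0, "=")
            if (eq == 0) { name = ""; next }
            name = trim(substr($0, 1, eq - 1))
            val[name] = trim(substr($0, eq + 1))
        }
        END { if (want in val) print trim(val[want]); else print "(not set)" }
    ' "$1"
}

# List every main.cf under ROOT with the value it gives PARAM.
audit_main_cf() {  # usage: audit_main_cf ROOT PARAM
    find "$1" -type f -name main.cf 2>/dev/null | sort | while IFS= read -r f; do
        printf '%s\t%s\n' "$f" "$(main_cf_value "$f" "$2")"
    done
}

# Constructed sample: two installations whose main.cf files disagree.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/postfix" "$root/usr/local/etc/postfix"
    cat > "$root/etc/postfix/main.cf" <<'EOF'
smtpd_client_restrictions = permit_mynetworks
smtpd_client_restrictions = permit_sasl_authenticated, reject
EOF
    cat > "$root/usr/local/etc/postfix/main.cf" <<'EOF'
# the copy being edited
smtpd_client_restrictions = permit_tls_clientcerts,
    warn_if_reject,
    reject
EOF
    audit_main_cf "$root" smtpd_client_restrictions
    rm -rf "$root"
}

demo
```

On a real host, run `audit_main_cf / smtpd_client_restrictions` and compare the paths it lists with the directory printed by `postconf -h config_directory`, which is the one the running instance reads.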