On 2013-10-15 09:48, Dan Langille wrote:
On 2013-10-14 20:10, Viktor Dukhovni wrote:
On Mon, Oct 14, 2013 at 08:12:01AM -0400, Dan Langille wrote:
The master.cf has something like this:
64.147.113.42:5587 inet n - n - - smtpd
-o smtp_tls_security_level=encrypt
The above setting is pointless, drop it.
Ahh. Yes. I think I understand. That is an smtp directive and this
is an smtpd process. And the TLS security level for that is specified
farther down as:
-o smtpd_tls_security_level=encrypt
I will move that to main.cf and change the value to may:
smtp_tls_security_level=may
-o smtpd_tls_CAfile=/usr/local/etc/ssl/ca-bundle.crt
An empty or nearly empty file is best here, all the CA DNs are sent
to the SMTP client, which does not need any of them.
I will try trimming those down to a minimum.
I removed that option. Everything is still using Trusted TLS
connections.
--
Dan Langille - http://langille.org/
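
The mismatch discussed in this thread (an smtp_ client parameter given as a -o override on an smtpd service) can be checked for mechanically. The following is an added example, not code from the thread or from Postfix. The function names, the prefix heuristic and the second "relay" entry in the sample are assumptions made for illustration.

```python
import shlex

# Assumption: only these two daemons are checked, each matched to the
# parameter prefix it reads for its own settings.
OWN_PREFIX = {"smtpd": "smtpd_", "smtp": "smtp_"}

def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def mismatched_overrides(text):
    """Return (service, command, parameter) for -o overrides whose prefix
    belongs to the other daemon, e.g. smtp_* on an smtpd service."""
    findings = []
    for line in logical_lines(text):
        fields = shlex.split(line)
        if len(fields) < 8:
            continue  # not a full service entry
        service, command, args = fields[0], fields[7], fields[8:]
        own = OWN_PREFIX.get(command)
        if own is None:
            continue
        for flag, value in zip(args, args[1:]):
            if flag != "-o" or "=" not in value:
                continue
            name = value.split("=", 1)[0]
            prefix = name.split("_", 1)[0] + "_"
            if prefix in OWN_PREFIX.values() and prefix != own:
                findings.append((service, command, name))
    return findings

# Constructed sample: the first entry is pieced together from the lines quoted
# in the thread; the "relay" entry is invented to show the reverse case.
SAMPLE = """\
64.147.113.42:5587 inet n - n - - smtpd
  -o smtp_tls_security_level=encrypt
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_CAfile=/usr/local/etc/ssl/ca-bundle.crt
relay unix - - n - - smtp
  -o smtpd_tls_security_level=may
"""
```
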