Am 11.02.2014 21:15, schrieb fleon: > FINALLY it worked, but not before i disabled NTLM in the config, because > otherwise it would try it.
as said in my first reply "uninstall the NTLM module" as long you have no damned good reason to install it in case of the distributions i work with it is a own sub-apckage with no frther dependencies and so you don't have to bother about configurations i never faced any positive effect in install and configure the NTLM crap except troubles over troubles, be it mail delivery or stupid Apple clients perfer it in their config while from time to time fail to handle NTLM correct > So, i had to enable client side TLS and disabling NTLM. It says untrusted > connection in the logs, and i tried modifying the mynetworks variable below > but couldn't fix it. It may be untrusted because of the invalid exchange > certificate it says untrusted because the certificate on the remote side is not from a trusted CA or postfix doe snot know the CA and that is why i have smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt connections to Google as example are trusted with and Untrusted without http://www.postfix.org/postconf.5.html#smtp_tls_CAfile Am 11.02.2014 20:17, schrieb Viktor Dukhovni: >> smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt > > Leaving it blank is better. The browser CA bundle has no relevance to SMTP it has no relevance in case of oppotunistic TLS but it makes a difference
