On 21.02.2014 11:58, Robert Schetterer wrote:
> On 21.02.2014 11:37, BONNET, Frank wrote:
>> Hello
>>
>> Since I activated SMTP TLS ( client and server = may ) on our mail
>> gateway I have this message in maillog
>>
>> Untrusted TLS connection established to ASPMX.L.GOOGLE.COM
>> <http://ASPMX.L.GOOGLE.COM>[173.194.66.27]:25: TLSv1 with cipher RC4-SHA
>> (128/128 bits)
>>
>> any info ?
>> thank you
>>
>
> what exactly is your problem with this?

most likely laziness combined with lack of understanding what a trusted
TLS connection is and why opportunistic TLS without certificate
validating per definition is "untrusted"

https://www.google.com/search?q=postfix+Untrusted+TLS+connection

with that you get "Trusted connection" in case the other side has a
certificate from a trusted CA but you gain nothing because it is still
*opportunistic TLS* which means if somebody hijacks your TLS and a
foreign server pretends to be Google with a self signed certificate you
still deliver the message

smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
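
Added example, not part of the thread: a small Python audit that parses the Postfix SMTP client's TLS summary lines (the format quoted in the question) and reports, per destination, which trust status each session reached. The timestamps, process IDs and the example.org/example.net hosts are constructed sample data; with `may`, mail is delivered whatever the status, so this only shows where certificate validation did not succeed.

```python
import re
from collections import defaultdict

# Postfix smtp(8) client TLS summary line, in the format quoted in the thread.
TLS_RE = re.compile(
    r"(?P<status>Anonymous|Untrusted|Trusted|Verified) TLS connection established to "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+) \((?P<used>\d+)/(?P<avail>\d+) bits\)"
)

# Constructed sample maillog (only the first message body comes from the thread).
SAMPLE_LOG = """\
Feb 21 11:30:01 mx postfix/smtp[2101]: Untrusted TLS connection established to ASPMX.L.GOOGLE.COM[173.194.66.27]:25: TLSv1 with cipher RC4-SHA (128/128 bits)
Feb 21 12:05:44 mx postfix/smtp[2150]: Trusted TLS connection established to ASPMX.L.GOOGLE.COM[173.194.66.27]:25: TLSv1 with cipher RC4-SHA (128/128 bits)
Feb 21 12:06:10 mx postfix/smtp[2151]: Untrusted TLS connection established to mail.example.org[192.0.2.10]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 21 12:07:32 mx postfix/smtp[2152]: Anonymous TLS connection established to mx.example.net[198.51.100.7]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Feb 21 12:07:33 mx postfix/smtp[2152]: 3F2A1C0: to=<user@example.net>, relay=mx.example.net[198.51.100.7]:25, status=sent
"""

def parse_tls_lines(log_text):
    """Return one dict per TLS summary line; other log lines are skipped."""
    return [m.groupdict() for m in map(TLS_RE.search, log_text.splitlines()) if m]

def audit(log_text):
    """Map each destination host (lower-cased) to a count of sessions per status."""
    counts = defaultdict(lambda: defaultdict(int))
    for rec in parse_tls_lines(log_text):
        counts[rec["host"].lower()][rec["status"]] += 1
    return {host: dict(c) for host, c in counts.items()}

def unauthenticated_hosts(log_text):
    """Hosts with at least one session whose peer certificate was not validated."""
    return sorted(host for host, c in audit(log_text).items()
                  if c.get("Untrusted") or c.get("Anonymous"))

if __name__ == "__main__":
    for host, c in sorted(audit(SAMPLE_LOG).items()):
        print(host, c)
    print("not validated:", unauthenticated_hosts(SAMPLE_LOG))
```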