Hi, I'm using smtp_tls_policy_maps = hash:/etc/postfix/tls_policy with an entry like "hs-hannover.de secure match=.fh-hannover.de".
However, I'm able with postfix to deliver mails to that domain despite the fact that the certificate expired (in logs I see the following statement:) Jul 16 15:06:11 srv1 postfix/smtp[3760]: server certificate verification failed for pmx1.fh-hannover.de[141.71.1.161]:25: certificate has expired Jul 16 15:06:11 srv1 postfix/smtp[3760]: 386DE21530A: Server certificate not trusted Jul 16 15:06:14 srv1 postfix/smtp[3760]: 386DE21530A: to=<postmas...@hs-hannover.de>, relay=pmx2.fh-hannover.de[141.71.1.162]:25, delay=3.8, delays=0.25/0/0.41/3.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as XXXXX) But I expected that no mail delivery is possible (i.e., mail gets deferred) since I used "secure" (I thought "secure" also includes the certificate checks of "verify"). -- Best regards, Sven Strickroth PGP key id F5A9D4C4 @ any key-server
