On Thu, Nov 20, 2014 at 01:47:20PM -0500, Robert Moskowitz wrote:

> And of course, being on the cheap side, I used self-signed certificates.
> Well I see some sites, including dovecot.org rejecting emails.
>
> Nov 20 10:19:45 z9m9z postfix/lmtp[4040]: 5CF7062110:
> to=<dove...@dovecot.org>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=12,
> delay=5890, delays=4534/1346/0.01/8.8, dsn=2.0.0, status=sent (250 2.0.0 Ok,
> id=04061-01-12, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
> 8602A600B7)
>
> Nov 20 10:19:46 z9m9z postfix/smtp[4090]: certificate verification failed
> for dovecot.org[137.117.229.219]:25: self-signed certificate

This is email you're sending, but certs are inspected by sending not
receiving systems. Your self-signed certificate has no bearing on
delivery of outbound email.

You're showing an irrelevant log entry for email re-injection into
amavisd-new for scanning. And no evidence that anyone is rejecting
your mail.

In other words, you're so confused, that you're babbling nonsense,
but it seems to make sense to you. You need to forget everything
you think you understood and start again from scratch.

> Lovely, lovely. I CAN understand this. After all, secure communications is
> my day job. But I don't like it.

Well the premise is false, so there is nothing to not like.

> So now I either turn off TLS for MTA-MTA communications, or I find
> a decent CA to get a cert from and I set it up right.

No need.

> Do others here use self-signed certs?

Definitely.

--
Viktor.
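
An added example, not part of the original message: a small log triage that separates Postfix delivery records from TLS verification notes, so the two entries quoted above can be read for what they are. The function names, the third log entry (queue ID `ABCDEF0123`, `example.org`, `192.0.2.25`) and the loopback test for the content-filter hop are assumptions made for this illustration.

```python
import re

# Entries 1-2 are the log lines quoted in the thread (entry 1 abridged);
# entry 3 is constructed for this example (ABCDEF0123, example.org, 192.0.2.25).
SAMPLE_LOG = """\
Nov 20 10:19:45 z9m9z postfix/lmtp[4040]: 5CF7062110: to=<dove...@dovecot.org>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=12, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Nov 20 10:19:46 z9m9z postfix/smtp[4090]: certificate verification failed for dovecot.org[137.117.229.219]:25: self-signed certificate
Nov 20 10:19:47 z9m9z postfix/smtp[4090]: ABCDEF0123: to=<user@example.org>, relay=mx.example.org[192.0.2.25]:25, delay=1.2, dsn=5.1.1, status=bounced (host mx.example.org[192.0.2.25] said: 550 5.1.1 User unknown)
"""

HEAD = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ postfix/(?P<daemon>\w+)\[\d+\]: (?P<msg>.*)$")
DELIVERY = re.compile(
    r"^(?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+),"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)
TLS_VERIFY = re.compile(r"^certificate verification failed for (?P<peer>\S+): (?P<reason>.*)$")

def triage(log_text):
    """Split Postfix entries into delivery records and TLS verification notes."""
    deliveries, tls_notes = [], []
    for line in log_text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        msg = head["msg"]
        d = DELIVERY.match(msg)
        if d:
            rec = dict(d.groupdict(), daemon=head["daemon"])
            # Loopback relay = hand-off to a local filter (amavisd-new in the thread).
            rec["local_hop"] = rec["relay"].startswith("127.0.0.1[")
            deliveries.append(rec)
            continue
        t = TLS_VERIFY.match(msg)
        if t:
            # Written by the sending client: it describes the certificate the
            # remote server presented, not the certificate configured on this host.
            tls_notes.append({"daemon": head["daemon"], "peer": t["peer"], "reason": t["reason"]})
    return deliveries, tls_notes

def failed_deliveries(deliveries):
    """Delivery records whose status is bounced or deferred."""
    return [d for d in deliveries if d["status"] in ("bounced", "deferred")]

if __name__ == "__main__":
    deliveries, tls_notes = triage(SAMPLE_LOG)
    for note in tls_notes:
        print("remote cert note:", note["peer"], "->", note["reason"])
    for d in failed_deliveries(deliveries):
        print("undelivered:", d["qid"], d["rcpt"], d["dsn"], d["status"])
```
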