I am now simple-testing Postfix->Postfix TLS AUTH.  It is all on an internal 
test network on the LAN.

On the receiving server I create this service in master.cf:

    1234  inet  n  -  n  -  -  smtpd -v
      -o smtp_helo_name=auth.srachnet.loc
      -o smtpd_tls_security_level=may
      -o smtpd_tls_fingerprint_digest=sha1
      -o smtpd_client_restrictions=check_ccert_access,lmdb:/etc/postfix/ok_ccerts,reject
      -o smtpd_relay_restrictions=permit_tls_clientcerts,reject
      -o smtpd_data_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_recipient_restrictions=

And the file

    /etc/postfix/ok_ccerts
    11:...:11 relay.srachnet.loc

I launch Postfix and send a test mail.  In the Postfix log I see only the 
'generic_checks' but no check in the lmdb:/etc/postfix/ok_ccerts database:

    Jan 30 14:53:41 mx postfix/smtpd[32574]: >>> START Client host RESTRICTIONS <<<
    Jan 30 14:53:41 mx postfix/smtpd[32574]: generic_checks: name=check_ccert_access
    Jan 30 14:53:41 mx postfix/smtpd[32574]: generic_checks: name=check_ccert_access status=0
    Jan 30 14:53:41 mx postfix/smtpd[32574]: generic_checks: name=reject
    Jan 30 14:53:41 mx postfix/smtpd[32574]: NOQUEUE: reject: RCPT from relay.srachnet.loc[10.14.0.2]: 554 5.7.1 <relay.srachnet.loc[10.14.0.2]>: Client host rejected: Access denied; from=<r...@laptop.srachnet.loc> to=<srcht...@srachnet2.loc> proto=ESMTP helo=<relay.srachnet.loc>
    Jan 30 14:53:41 mx postfix/smtpd[32574]: generic_checks: name=reject status=2
    Jan 30 14:53:41 mx postfix/smtpd[32574]: >>> END Client host RESTRICTIONS <<<

If I change the master.cf

-    -o 
smtpd_client_restrictions=check_ccert_access,lmdb:/etc/postfix/ok_ccerts,reject
+    -o smtpd_client_restrictions=check_ccert_access 
lmdb:/etc/postfix/ok_ccerts,reject
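
Review bot: the `+` line puts an unquoted space inside the `-o` value, so `lmdb:/etc/postfix/ok_ccerts,reject` is handed to smtpd as a separate command-line argument. Keep the value free of whitespace (the comma-separated `-` form), or on Postfix 3.0 and later wrap the whole setting in braces, as in `-o { smtpd_client_restrictions = check_ccert_access lmdb:/etc/postfix/ok_ccerts, reject }`. The service entry shown also sets no `smtpd_tls_ask_ccert`; unless main.cf sets it to yes, smtpd never requests a client certificate and check_ccert_access has no fingerprint to look up.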

When I send the test mail the logs show me

    Jan 30 14:55:54 mx postfix/smtpd[42774]: fatal: unexpected command-line argument: lmdb:/etc/postfix/ok_ccerts

Why is it not checking the database?

*S*
