Hello Wietse

> How do you know that the client actually SENDS a certificate?

I do not know because I do not yet see the proof of it in the right log. But I try to configure for it. I am trying to make a simple example all under my control so that I can see the certs exchanged and then verified. And then access granted.

Excuse me if things are changing from last message. I am working on it.

In the client /etc/postfix/main.cf

    local_transport = error:5.1.1 local mail delivery is disabled
    alias_maps =
    alias_database =
    relay_domains = lmdb:/etc/postfix/relay_domains
    relay_transport = relay:[10.14.0.10]:1234
    smtp_use_tls = yes
    smtpd_tls_security_level = may
    smtp_tls_CApath = /etc/ssl/certs/
    smtp_tls_cert_file =
    smtp_tls_key_file =
    smtp_tls_session_cache_database = lmdb:/var/lib/postfix/smtp_cache
    smtp_tls_session_cache_timeout = 3600s
    smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy

In /etc/postfix/tls_policy

    [10.14.0.10]:1234 encrypt fingerprint match=9C:...:A7

In /etc/postfix/relay_domains

    srachnet2.loc OK

In the client /etc/postfix/master.cf

    relay unix - - n - - smtp
      -o smtp_bind_address=10.14.0.2
      -o smtp_tls_cert_file="/etc/ssl/email_keys/relay.srachnet.loc.crt"
      -o smtp_tls_key_file="/etc/ssl/email_keys/relay.srachnet.loc.key"
      -o smtp_tls_CAfile="/etc/ssl/email_keys/srachnet_CA.crt"
      -o smtpd_tls_CAfile="/etc/ssl/email_keys/srachnet_CA.crt"

*S*
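
Added example, not part of the original message and not Postfix project code: one way to answer the quoted question from the receiving server's log, by classifying the smtpd TLS summary line for each handshake from the client address. It assumes the server requests client certificates (smtpd_tls_ask_ccert = yes) and logs handshakes (smtpd_tls_loglevel = 1); the log lines and the function name are constructed for illustration.

```python
import re

# Constructed sample of server-side smtpd log lines (not from the original post).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtpd[2101]: connect from unknown[10.14.0.2]
Jan 10 10:00:01 mx postfix/smtpd[2101]: Anonymous TLS connection established from unknown[10.14.0.2]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 10:05:12 mx postfix/smtpd[2107]: Untrusted TLS connection established from unknown[10.14.0.7]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 10:09:30 mx postfix/smtpd[2110]: Trusted TLS connection established from unknown[10.14.0.2]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
""".splitlines()

# The first word of the summary line describes the CLIENT certificate
# as the server saw it during the handshake.
TLS_LINE = re.compile(
    r"/smtpd\[\d+\]: (?P<status>Anonymous|Untrusted|Trusted) "
    r"TLS connection established from \S*\[(?P<ip>[^\]]+)\]"
)

MEANING = {
    "Anonymous": "no client certificate was presented",
    "Untrusted": "certificate presented, chain not verified against server CAs",
    "Trusted": "certificate presented and chain verified against server CAs",
}


def client_cert_status(log_lines, client_ip):
    """Return the handshake statuses logged for client_ip, in log order."""
    statuses = []
    for line in log_lines:
        m = TLS_LINE.search(line)
        if m and m.group("ip") == client_ip:
            statuses.append(m.group("status"))
    return statuses


if __name__ == "__main__":
    # 10.14.0.2 is the smtp_bind_address of the relay transport above.
    for status in client_cert_status(SAMPLE_LOG, "10.14.0.2"):
        print(f"{status}: {MEANING[status]}")
```

An "Anonymous" result for the client address means the certificate settings on the sending side never took effect for that connection, which is the case to rule out before looking at fingerprint or CA matching.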