On Sat, Jan 31, 2015 at 03:06:06AM +0000, hndlsr...@tutanota.de wrote:

> > And where is "smtpd_tls_req_ccert=yes" or "smtpd_tls_ask_ccert=yes"?
> > And why not "smtpd_tls_security_level=encrypt"?
> 
> >> Excuse me if things are changing from last message. I am working on it.
> 
> These have been added to the server already since. At the moment the server
> configuration is
> 
> 1234 inet n - n - - smtpd
>   -o smtp_helo_name=auth.srachnet.loc
>   -o smtpd_client_restrictions=
>   -o smtpd_relay_restrictions=check_ccert_access,lmdb:/etc/postfix/ok_ccerts,reject
>   -o smtpd_tls_req_ccert=yes
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_tls_fingerprint_digest=sha1
>   -o smtpd_tls_CAfile="/etc/ssl/email_keys/srachnet_CA.crt"
>   -o smtpd_tls_cert_file="/etc/ssl/email_keys/mx.srachnet.loc.crt"
>   -o smtpd_tls_key_file="/etc/ssl/email_keys/mx.srachnet.loc.key"
>   -o smtpd_data_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_recipient_restrictions=
>   -o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
>   -o smtpd_tls_mandatory_ciphers=high

This looks fine, for Postfix 2.10 or later.  What version is this?

> also trying with
> 
> -o smtpd_client_restrictions=check_ccert_access,lmdb:/etc/postfix
> -o smtpd_relay_restrictions=

Postfix will not allow both smtpd_relay_restrictions and
smtpd_recipient_restrictions to be empty (to not contain a default
reject action).

> The result is still for now the same for all.

What result is that?  What's in the server's logs?  How are you
testing this configuration?

-- 
        Viktor.
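
An added example, not part of the original thread: how a table such as ok_ccerts is keyed when smtpd_tls_fingerprint_digest=sha1, and why a key built with a different digest falls through to the trailing reject. It assumes the colon-separated upper-case hex form printed by `openssl x509 -fingerprint`; the helper names and the sample bytes are constructed for illustration, and the lookup is modelled as an exact key match.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM string."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))

def ccert_fingerprint(der: bytes, digest: str = "sha1") -> str:
    """Digest of the DER certificate as colon-separated upper-case hex."""
    hexed = hashlib.new(digest, der).hexdigest().upper()
    return ":".join(hexed[i:i + 2] for i in range(0, len(hexed), 2))

def parse_access_table(text: str) -> dict:
    """Parse 'key action' lines of an access(5) source file; skip comments."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            table[parts[0]] = parts[1] if len(parts) > 1 else ""
    return table

def relay_decision(table: dict, der: bytes, digest: str) -> str:
    """Model check_ccert_access,<table>,reject: table hit, else reject."""
    return table.get(ccert_fingerprint(der, digest), "reject")

# Constructed placeholder bytes standing in for a client certificate's DER
# encoding; the fingerprint is a digest over those bytes.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

# Source text for a table like ok_ccerts, keyed by the SHA-1 fingerprint.
OK_CCERTS = "# constructed example\n%s OK\n" % ccert_fingerprint(
    pem_to_der(SAMPLE_PEM), "sha1")

if __name__ == "__main__":
    table = parse_access_table(OK_CCERTS)
    print(OK_CCERTS, end="")
    print("sha1 lookup:  ", relay_decision(table, SAMPLE_DER, "sha1"))
    print("sha256 lookup:", relay_decision(table, SAMPLE_DER, "sha256"))
```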