> hyndavirap...@bel.co.example:
>> 1. error log before adding "smtp_tls_CAfile" param is as follows
>>
>
> I replaced the top-level domain name for privacy reasons.
>
>> postfix/smtp[3525]: certificate verification failed for
>> 201.123.80.173[201.123.80.173]:25: untrusted issuer
>> /C=EXAMPLE/ST=karnataka/L=bangalore/O=bel/OU=crl/CN=MilitaryMessagingCA/emailAddress=ca_ad...@bel.co.example
>
> The certificate could not be verified because an issuer in the
> trust chain was not known.
>
>> postfix/smtp[3525]: 804E8232A0: to=<cdr....@ahq.tcs.mil.example>,
>> relay=201.123.80.173[201.123.80.173]:25, delay=10,
>> delays=0.13/0.01/10/0,
>> dsn=4.7.5, status=deferred (Server certificate not trusted)
>
> You require certificate verification, and thus mail is deferred.
>
>> 2. Error log after adding following param
>>
>> smtp_tls_CAfile = /root/hyndavi/CA_cert.pem
>>
>> postfix/smtp[6891]: 17A3F232B1: to=<cdr....@ahq.tcs.mil.example>,
>> relay=201.123.80.173[201.123.80.173]:25, delay=337,
>> delays=327/0.02/10/0,
>> dsn=4.7.5, status=deferred (Server certificate not verified)
>
> Now it knows the issuer, but the name in the certificate does not
> match what Postfix expected. The default is to match the next-hop
> domain but you can change that per-destination in smtp_tls_policy_maps
> with the "match=" attribute, or globally with smtp_tls_secure_cert_match.
>
> Wietse
>

Thanks for the reply.

I have added the following line to main.cf:

    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

The tls_policy file contains:

    [201.123.80.173]:25 encrypt match=AHQserver

The transport map details are as follows:

    AHQ.tcs.mil.example relay:[201.123.80.173]:25

and the server certificate details are:

    Subject: C=Example, ST=karnataka, O=bel, OU=crl, CN=AHQserver/emailAddress=ahqserver_smtp_ad...@tcs.mil.example

Even after adding smtp_tls_policy_maps, I'm getting the same "server certificate not verified" error...

Am I missing anything? Are the tls_policy file details proper?

Thanking you in advance...

--
Regards
Hyndavi
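
The name check Wietse describes, as an added example (not part of the original thread and not Postfix's own code): a simplified Python model of the documented match strategies, run against the certificate name and next hop quoted above. It assumes the certificate has no DNS subjectAltName, so only CN=AHQserver is compared, and it covers only the verify and secure levels, where the Postfix documentation defines the match attribute; all function names are hypothetical.

```python
import re

# main.cf defaults for smtp_tls_verify_cert_match / smtp_tls_secure_cert_match.
DEFAULT_MATCH = {"verify": "hostname", "secure": "nexthop, dot-nexthop"}

def nexthop_domain(nexthop):
    """Strip enclosing [] and a trailing :port from a transport next hop."""
    return re.fullmatch(r"\[?([^\[\]]+?)\]?(?::\w+)?", nexthop).group(1).lower()

def name_matches(cert_name, domain, subdomains_only=False):
    cert_name, domain = cert_name.lower(), domain.lower()
    if subdomains_only:                      # dot-nexthop or ".name" patterns
        return cert_name.endswith("." + domain)
    if cert_name == domain:
        return True
    # "*.example.com" in a certificate covers exactly one extra left-hand label.
    if cert_name.startswith("*.") and "." in domain:
        return domain.split(".", 1)[1] == cert_name[2:]
    return False

def peer_verified(level, cert_names, nexthop, hostname, match=None):
    """True/False for verify and secure; None for levels this model skips."""
    if level not in DEFAULT_MATCH:           # e.g. "encrypt": not modelled
        return None
    for pat in re.split(r"[,:\s]+", (match or DEFAULT_MATCH[level]).strip()):
        subs = False
        if pat == "nexthop":
            dom = nexthop_domain(nexthop)
        elif pat == "dot-nexthop":
            dom, subs = nexthop_domain(nexthop), True
        elif pat == "hostname":
            dom = hostname
        elif pat.startswith(".") and len(pat) > 1:
            dom, subs = pat[1:], True
        else:
            dom = pat                        # literal name, e.g. match=AHQserver
        if any(name_matches(n, dom, subs) for n in cert_names):
            return True
    return False

# Values taken from the thread; a certificate without DNS SANs is an assumption.
CERT_NAMES = ["AHQserver"]
NEXTHOP, HOSTNAME = "[201.123.80.173]:25", "201.123.80.173"

if __name__ == "__main__":
    for level, match in [("secure", None), ("verify", None),
                         ("secure", "AHQserver"), ("encrypt", "AHQserver")]:
        print(level, match, peer_verified(level, CERT_NAMES, NEXTHOP, HOSTNAME, match))
```

With the default patterns the next hop reduces to the bare IP address, which can never equal the certificate's CN; only an explicit name pattern at a verifying level makes the comparison succeed.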