--On Monday, November 23, 2015 3:36 AM +0000 Viktor Dukhovni
<postfix-us...@dukhovni.org> wrote:
On Sun, Nov 22, 2015 at 07:29:56PM -0800, Quanah Gibson-Mount wrote:
--On Monday, November 23, 2015 3:13 AM +0000 Viktor Dukhovni
<postfix-us...@dukhovni.org> wrote:
>> Setting lmtp_tls_CApath fixed this (although that wasn't necessary in
>> 2.11.4). Sorry for the noise. :)
>
> I am at a loss to explain what lmtp_tls_CApath has to do with this,
> most likely you just happened to flush sufficiently old messages.
You're correct. It didn't resolve the issue. ;) It just retried with
plaintext, which I didn't notice. :)
The logic is that lmtp_CApath is used to evaluate server certificate
trust (not much else it can be used for), but here the server sent
no certificate chain (SSL3 alert instead of server hello), so how
could lmtp_tls_CApath possibly matter? As might be expected, it
did not.
Yep. I think the LMTP TLS support that was supposedly implemented in
Zimbra 8.6 doesn't actually work at all.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
