On Wed, Mar 29, 2017 at 05:03:51AM -0700, Den1 wrote:
> I was wondering is it actually advisable to use tls on smtp? When I tried it
> out with my self-signed certificates just to see if it's of any convenience
> to implement this feature I received the following response:
>
> TLS required, but was not offered by host -or- we do not run TLS engine -or-
> certificate is not trusted
This is not a Postfix log message. For fact-based answers, please post
verbatim Postfix logs. For alternative-fact-based answers, by all means
please elide the logs and post an anecdotal re-interpretation of what
Postfix reported.
> smtp_tls_security_level = encrypt -or- secure
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Are you sending all email via a single "relayhost" (a.k.a. a
smarthost)? If not, and you're sending to MX hosts of all
possible destination domains, then opportunistic TLS with
"may" or opportunistic DANE TLS with "dane" are the only
practical TLS settings.
These two lines are unlikely to be your entire "postconf -n" output.
Which was it, "encrypt" or "secure"? It best to resolve problems
with one setting at a time, ideally first the more permissive
"encrypt" if that's appropriate.
> smtp_tls_security_level = may
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
>
> it simply went through without giving any "feedback" or warnings.
Try:
smtp_tls_loglevel = 1
> smtp_tls_cert_file = -and-
> smtp_tls_key_file =
>
> are they not required?
http://www.postfix.org/postconf.5.html#smtp_tls_cert_file
--
Viktor.
