James Moe:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> On 01/12/2018 06:27 PM, Wietse Venema wrote:
> >
> >> $ ls -l ssl/
> >> lrwxrwxrwx 1 root root 15 Nov 4 13:04 cacerts -> ../../ssl/certs/
> > The above is not needed, if you configure Postfix to read the system
> > SSL certificate database with "tls_append_default_CA = yes". Not a
> > good idea if you use certificates to allow relaying!
> >
> "tls_append_default_CA = no" in our configuration.
> I am not clear which item is not a good idea: the symlink, or
> "tls_append_default_CA = yes."
With cacerts -> ../../ssl/certs/, you may just as well delete the
symlink and set "tls_append_default_CA = yes", because the result
will be the same.
Wietse
