On 01/02/2018 4:56 pm, Viktor Dukhovni wrote: > A simpler way to achieve the same goal would have been: > http://www.postfix.org/postconf.5.html#tls_append_default_CA > > tls_append_default_CA = yes > > bearing in mind the caution in the documentation, when enabling the > panoply of WebPKI trust-anchors (root CAs) DO NOT make the make the > mistake of also using "permit_tls_all_clientcerts", lest your server > become an open relay for every man and his dog who can get a Let's > Encrypt certificate... > Ok, adding tls_append_default_CA = yes has finally given me trusted TLS connections, but I do wonder if it was worth it in the end!!
I am not using permit_tls_all_clientcerts
