> On Dec 10, 2018, at 8:00 PM, Sean Son
> <linuxmailinglistsem...@gmail.com> wrote:
>
> Thank you for the reply. Can the client be configured to trust more
> than one SSL cert?
most of clients support more than one certificate authority.
On Mon, Dec 10, 2018 at 9:40 PM Viktor Dukhovni <postfix-us...@dukhovni.org>
wrote:
You've told us nothing about the client, so it would be a miracle
if someone on the list could give an answer to that question.
Is the client running Postfix? What sort of certificate chain
does the server have? ...
This is something you should be able to determine from the client
software documentation, and by checking the server's certificate
chain.
On 11.12.18 10:21, Sean Son wrote:
If, by "client", you mean the SMTP server, it is running Postfix.
No. by "client" people usually mean the one who is connecting to server.
SMTP client connects to SMTP server etc.
The client server is using a self signed cert and it is set up to offer
STARTLS to any senders who request TLS.
I understand this as "SMTP server of your client"
As for the sending server, the monitoring application server that is, it
is using a wild card certificate with a bundled cert containing the
intermediate certificate.
if your monitoring application sends mail to another server, it's not
important what certificate your monitoring server uses, because it's not
used.
according to your original mail:
This server is set up with TLS enabled and it uses a script to send
email to any SMTP server that we choose.
Whenever I try to send mail from the monitoring
server to this postfix based SMTP server, using TLS, I get the following
strange errors in the maillog of the postfix server:
As I undertsand it, the script running on your monitoring server [x.x.x.75]
is trying to connect to your client's postfix server and fails.
Such script must accept certificate send by the postfix server.
Another possibility is that client application uses mail transfer agent
(MTA, e.g. postfix) installed on your monitoring server which further
passes the mail to your client's SMTP server. In such case, this MTA must
accept certificate of your client's postfix server.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
