On 2020-07-08 09:03, Rainer Ruprechtsberger wrote:
Hello,
this is not my only problem with TLS verification - and I'm struggling
to debug this:
*mail.mail.protection.outlook.com cannot be verified by postfix:
posttls-finger: certificate verification failed for
blahblahommited.mail.protection.outlook.com[104.47.14.36]:25: untrusted
issuer /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
How did you call posttls-finger? Did you use "-F" and point it to
/etc/ssl/certs/ca-certificates.crt?
But I do trust this CA:
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
This setting does not affect posttls-finger
What does postfix log when you send a mail there?
--
Christian Kivalo
