On Mon, December 21, 2020 16:12, Wietse Venema wrote:
>
> This test connects to a DIFFERENT Postfix service than the Javamail client.
> This proves NOTHING about the service that the Javamail client connects to.
>
We are discussing this at cross-purposes. I understand that the service at 465
is not the STARTTLS postfix service. The software I am using to test the SSL
connection does not do SMTP in any case. The initial problem was simply
getting javamail to recognize the validity of the PKI certificate presented by
Postfix. A successful connection to 465 with the certificate chain proves that
the certificate Postfix presents is accepted and nothing else.
However, up to yesterday, that was the problem. Now I can move on to the next,
which is why the application cannot negotiate a STARTTLS with Postfix. The
next problem uncovered was that the application insists on using SSLv3 and
Postfix was configured with that disabled.
Now with SSLv3 enabled on Postfix, albeit temporarily, I need to discover what
else is preventing a successful STARTTLS connection.
It is like peeling an onion, every problem solved reveals another difficulty.
But, eventually one runs out of layers and obtains the desired result. The
application is in widespread use so the difficulty has to be local to my set
up. I just have to discover what that is.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
