On 15.08.21 08:34, Lauren R wrote:
Thank you @raf. We were using the certs from a commercial CA, not the free one.

This does not matter.

We use Let's Encrypt certificates on multiple servers.  So far, certificates
for server-server communication are not required to be officially signed,
which makes it easier to scan it at the network border with gateways that
intercept SSL.

OTOH clients will complain if they don't get a proper certificate,
pop3/imap/smtp.

On 2021/8/15 8:05 AM, raf wrote:
On Sun, Aug 15, 2021 at 09:37:17AM +1000, raf <post...@raf.org> wrote:

I recommend using a CA-approved certificate like
LetsEncrypt just because Postfix will use the same
certificate for submissions on port 587, and mail
clients (like Thunderbird) might complain if a
self-signed certificate is used in that context.

Actually, that might be wrong. Maybe Thunderbird only
complains about self-signed certificates for getting
mail (IMAPS/POPS), rather than for sending mail
(SMTP/STARTTLS). I don't know. If so, it might only
affect e.g. Dovecot's choice of certificate rather than
Postfix's. But chances are, if you use both, you'll
probably want them to use the same certificate.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphilis. Good thing we have penicillin." - Matthew Alton
