On Thu, Oct 21, 2021 at 04:34:23PM -0400, Craig Huckabee wrote:

> We’ve had requests for help making it work with Windows, specifically
> from Powershell. We tried connecting using the Powershell methods
> described by Microsoft for SMTP TLS auth, but while debugging from the
> Postfix side the client doesn’t appear to ever send the certificate.

Please post your "postconf -nf" output, without any further wrapping of lines by the mail client, in the message body or text attachment, i.e. not as an external pastebin URL...

A plausible issue is that the SMTP server is not signalling an issuer CA list that includes the (Windows) SMTP client's issuer CA. Some TLS clients only send certificates when the server's issuer DN list is non-empty, and includes an issuer (or root CA) that is part of the client's certificate chain.

When requesting client certs, the Postfix SMTP server will send the subject names of CAs in smtpd_tls_CAfile to the client as the preferred list of CAs.

    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c#L699-L720

--
    Viktor.
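
Added example, not part of the original message or of Postfix: one way to check from the client side which CA names the server advertises when it requests a client certificate, by parsing `openssl s_client` output. The host, port, function names and sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Live capture (mail.example.com:587 is a placeholder host and port):
#   openssl s_client -starttls smtp -connect mail.example.com:587 \
#       </dev/null 2>/dev/null | advertised_cas

# Print the CA names the server advertised, one per line, from
# `openssl s_client` output on stdin. Prints nothing when the output has
# "No client certificate CA names sent" or no certificate request at all.
advertised_cas() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        in_list && /^(---|Client Certificate Types:|Requested Signature Algorithms:)/ { in_list = 0 }
        in_list && NF { print }
    '
}

# Succeed if an advertised CA name contains the fixed string $1.
# DN spacing ("CN = x" vs "CN=x") differs between OpenSSL versions, so
# match on a distinctive part such as the CA's common name value.
issuer_advertised() {
    advertised_cas | grep -F -q -- "$1"
}

# Constructed s_client excerpts, not captured from a real server.
sample_with_list() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = mail.example.com
---
Acceptable client certificate CA names
C = US, O = Example Org, CN = Example Root CA
C = US, O = Example Org, CN = Example Client Issuing CA
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: RSA-PSS+SHA256:ECDSA+SHA256
---
SSL handshake has read 3000 bytes and written 400 bytes
EOF
}

sample_empty() {
    cat <<'EOF'
CONNECTED(00000003)
---
No client certificate CA names sent
---
SSL handshake has read 2500 bytes and written 400 bytes
EOF
}
```

Compare the printed names with the issuer reported by `openssl x509 -noout -issuer -in client.pem` (`client.pem` is a placeholder for the client certificate file).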