Hi,
There is an smtp server that is trying to send e-mail to my domain, but with an expired certificate: Feb 2 11:20:52 darwin postfix/smtpd[9181]: connect from r114.mail.aircanada.com[172.82.216.114] Feb 2 11:20:52 darwin postfix/smtpd[9181]: SSL_accept error from r114.mail.aircanada.com[172.82.216.114]: -1 Feb 2 11:20:52 darwin postfix/smtpd[9181]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../ssl/record/rec_layer_s3.c:1544:SSL alert number 45: Feb 2 11:20:52 darwin postfix/smtpd[9181]: lost connection after STARTTLS from r114.mail.aircanada.com[172.82.216.114] Feb 2 11:20:52 darwin postfix/smtpd[9181]: disconnect from r114.mail.aircanada.com[172.82.216.114] ehlo=1 starttls=0/1 commands=1/2 It retries from various other hosts as well, r116.mail..., r117, r121, etc. but all have the same problem. Is there a way to configure postfix to accept a TLS connection, despite the expired certificate? I looked at smtp_tls_policy, but is that only for outbound smtp configuration? I tried getting more info about the certificate, but even with smtpd_tls_loglevel=2 I don't actually get a copy of the certificate printed in the logs. I'm also not able to query the certificate from these servers using `openssl s_client`. Thanks, mh -- Martin Hicks P.Eng. | [email protected] Bork Consulting Inc. | +1 (613) 266-2296
