On Thu, Jun 09, 2022 at 10:55:50PM +0200, Steffen Nurpmeso wrote: > # That one is for client certificates! > #smtpd_tls_CAfile = /etc/dovecot/cert.pem
The "smtpd_tls_CAfile" is unused bloat unless you solicit client
certificates, and even/especially then should NOT be the standard WebPKI
CA bundle (which might go in CApath in some edge cases), but would
instead list only a short list of CAs you actually trust and use for
acceptable client certificates.
--
Viktor.
