On 2022-10-01 at 15:25:55 UTC-0400 (Sat, 1 Oct 2022 19:25:55 +0000)
Eddie Rowe <eddie.r...@tdhca.state.tx.us>
is rumored to have said:
> I am working on setting up Postfix to banish another MTA so I have
> set up two virtual machines with one being a mail gateway and the other
> a null client using internal IPs for initial testing. I have an RSA
> wildcard certificate from GoDaddy that I am struggling to get Postfix
> to use. I can point the null client at a non-Postfix system with the
> same certificate and the logs show that all is well with the
> certificate on that server so I think the null client setup is
> correct. But when I point the Postfix null client at my test Postfix
> mail gateway I see "Untrusted TLS connection established to..." on the
> null client

Which means that Postfix (technically the OpenSSL libraries) hasn't
verified the trust chain for the server's certificate. That's fine,
because the way SMTP works makes it pointless to do that verification.
SMTP != HTTP

> and "Anonymous TLS connection established from..." on the gateway.

SMTP clients don't need their own certificates authenticating them,
because SMTP does authentication at the app level. So from the server's
viewpoint at the TLS level, the client is anonymous.

> The documentation recommends an OpenSSL test, but I am not sure if
> I have the syntax 100% correct since there was no example in the
> documentation. I have searched the list trying to see if there was a
> known issue with GoDaddy without finding anything specific to Postfix
> or wildcard certificates (GoDaddy would not be my choice in a
> registrar).
>
> Any suggestions on next steps to sort this out?

There seems to be nothing that *needs* to be sorted out.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
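
Added example, not part of the original thread and not Postfix code: a small Python parser that reads the TLS status word ("Anonymous", "Untrusted", "Trusted", "Verified") from Postfix "TLS connection established" log lines like the two quoted above and tallies them by local role. The log lines, hostnames, addresses and PIDs are constructed, and the one-line meanings are a paraphrase that assumes TLS logging at loglevel 1 or higher.

```python
import re
from collections import Counter

# Status word Postfix logs before "TLS connection established".
# Paraphrased meanings (assumption: smtp_tls_loglevel / smtpd_tls_loglevel >= 1).
MEANING = {
    "Anonymous": "peer presented no certificate",
    "Untrusted": "peer certificate presented but not verified against a trusted CA",
    "Trusted": "certificate chain verified, peer name not matched",
    "Verified": "certificate chain verified and peer name matched",
}

LINE_RE = re.compile(
    r"postfix/(?P<daemon>smtpd?)\[\d+\]: "
    r"(?P<status>Anonymous|Untrusted|Trusted|Verified) TLS connection established "
    r"(?P<dir>to|from) (?P<peer>[^\[\s]+)\[(?P<addr>[^\]]+)\](?::\d+)?: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

def parse(line):
    """Return the fields of one TLS-established line, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    # smtp(8) is the sending client; smtpd(8) is the receiving server.
    rec["role"] = "client" if rec["daemon"] == "smtp" else "server"
    rec["meaning"] = MEANING[rec["status"]]
    return rec

def summarize(lines):
    """Count sessions per (local role, status), skipping unrelated lines."""
    return Counter((r["role"], r["status"]) for r in map(parse, lines) if r)

# Constructed sample log lines (not taken from the thread).
SAMPLE = [
    "Oct  1 15:20:01 nullclient postfix/smtp[2101]: Untrusted TLS connection established to gw.example.test[192.0.2.10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)",
    "Oct  1 15:20:01 gw postfix/smtpd[3307]: Anonymous TLS connection established from nullclient.example.test[192.0.2.20]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)",
    "Oct  1 15:21:44 nullclient postfix/smtp[2105]: Verified TLS connection established to other.example.test[192.0.2.30]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "Oct  1 15:22:00 gw postfix/qmgr[900]: 4ABCD1234: removed",
]

if __name__ == "__main__":
    for rec in filter(None, map(parse, SAMPLE)):
        print(f'{rec["role"]:6} {rec["peer"]:28} {rec["proto"]:8} {rec["status"]}: {rec["meaning"]}')
    print(dict(summarize(SAMPLE)))
```

Every line the parser matches is an encrypted session; the status word only describes how far the peer's certificate was checked.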