On Tue, Aug 29, 2023 at 05:47:00PM +0200, Étienne Miret via Postfix-users wrote:
> > So what's the difference between a MAriaDB Client file and the > > various "tls_" settings in the connection.cf file > > I was thinking about the MariaDB `ssl` setting, that enable TLS without > validating server certificate. That setting isn’t documented in the link you > provided, so I guess it can only be set in a MariaDB option file. Both Postfix and the mysql "options" file have TLS related controls. In case of conflict (the same feature is supported in both), I expect the Postfix settings "win", even if not explicitly specified, because the Postfix controls have "default" values. Advanced settings that are only available in the "options" file have to be tweaked there. > This being said, I’m not even sure the Postfix support that setting, and it > is inherently insecure. So as Viktor said, just set tls_CAfile or > tls_CApath, which should implicitly enable TLS. See https://www.postfix.org/mysql_table.5.html tls_verify_cert (default: no) Verify that the server's name matches the common name in the certificate. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
