On Sun, 19 Feb 2012 19:35:56 +0100, Wietse Venema
wrote:
Artemy Tregubenko:
> Instead of enumerating things Postfix that does not do, it would
> be more helpful to say how to achieve a concrete result:
>
>To use ONLY system-supplied default certificate authority
>certificates
Artemy Tregubenko:
> > Instead of enumerating things Postfix that does not do, it would
> > be more helpful to say how to achieve a concrete result:
> >
> > To use ONLY system-supplied default certificate authority
> > certificates, specify those with *_tls_CApath or
> > *_t
On Sun, 19 Feb 2012 18:18:12 +0100, Wietse Venema
wrote:
Artemy Tregubenko:
On Sun, 19 Feb 2012 17:10:50 +0100, Wietse Venema
wrote:
> As per the documentation, Postfix APPENDS to certificates in *CApath
> or *CAfile. If you don't specify certificates in *CApath and *CAfile,
> then Postfix
Artemy Tregubenko:
> On Sun, 19 Feb 2012 17:10:50 +0100, Wietse Venema
> wrote:
>
> > As per the documentation, Postfix APPENDS to certificates in *CApath
> > or *CAfile. If you don't specify certificates in *CApath and *CAfile,
> > then Postfix won't append to them.
>
> Could you add to docum
On Sun, 19 Feb 2012 17:10:50 +0100, Wietse Venema
wrote:
As per the documentation, Postfix APPENDS to certificates in *CApath
or *CAfile. If you don't specify certificates in *CApath and *CAfile,
then Postfix won't append to them.
Could you add to documentation this sentence "If you don't s
Artemy Tregubenko:
> Is tls_append_default_CA expected to work when none of *CApath and *CAfile
> are set?
As per the documentation, Postfix APPENDS to certificates in *CApath
or *CAfile. If you don't specify certificates in *CApath and *CAfile,
then Postfix won't append to them.
Wietse
On Sun, 19 Feb 2012 16:00:43 +0100, Wietse Venema
wrote:
To investigate, you can strace the SMTP daemon (see DEBUG_README.html)
and see what system calls fail. That will also show whether you
correctly followed instructions to turn of the chroot feature.
Thanks to strace I figured out that
On Sun, 19 Feb 2012 16:00:43 +0100, Wietse Venema
wrote:
Therefore, the Equifax certificate wasn't found with 'smtp_tls_CApath
= /etc/ssl/certs'. For CApath to work, you need to run a program
that sets up the necessary symlinks (named after a certificate hash)
that allow the OpenSSL library t
Artemy Tregubenko:
[ Charset UTF-8 unsupported, converting... ]
> Hello,
>
> I have an Ubuntu server with Postfix 2.8.2 on it. Looks like
> tls_append_default_CA has no effect on it.
>
> When I send emails to Gmail I get message about failed certificate
> verification. There're many articles
On Sun, 19 Feb 2012 15:05:58 +0100, Wietse Venema
wrote:
Artemy Tregubenko:
Hello,
I have an Ubuntu server with Postfix 2.8.2 on it. Looks like
tls_append_default_CA has no effect on it.
See if this fixes the problem:
http://www.postfix.org/DEBUG_README.html#no_chroot
Then, complain
Artemy Tregubenko:
> Hello,
>
> I have an Ubuntu server with Postfix 2.8.2 on it. Looks like
> tls_append_default_CA has no effect on it.
See if this fixes the problem:
http://www.postfix.org/DEBUG_README.html#no_chroot
Then, complain to the DEBIAN maintainer for shipping
as broken Postfi
11 matches
Mail list logo