Viktor Dukhovni wrote:
> Note, when you "pin" the issuer of a domain's certificate chain
> you have the luxury of more time between updates, but eventually
> the site will obtain a certificate from some other CA or a new
> issuer key from the same CA.
Yupp. I'm aware of that. For those sites I'm
On Sat, Oct 25, 2014 at 05:51:36PM +0200, Michael Ströder wrote:
>
> And it seems to describe what I was looking for:
>
> "With Postfix >= 2.11 the "smtp_tls_trust_anchor_file" parameter, or more
> typically the corresponding per-destination "tafile" attribute, optionally
> modifies trust chain
On Sat, Oct 25, 2014 at 04:38:44PM +0200, Michael Ströder wrote:
> BTW: postfix 2.11.3 even seg faults when using an unknown keyword:
>
> Oct 25 16:33:37 srv1 postfix/smtp[27839]: warning: smtp_tls_policy_maps,
> next-hop destination "example.com": invalid attribute name: "CAfile"
> Oct 25 14:33:3
Wietse Venema wrote:
> Michael Ströder:
>> Well, I have read the docs (see quote from postfix web site above). But the
>> statement in the docs is pretty broad/imprecise:
>>
>> "followed by an optional list of whitespace and/or comma separated name=value
>> attributes that override related main.cf
Michael Ströder:
> Well, I have read the docs (see quote from postfix web site above). But the
> statement in the docs is pretty broad/imprecise:
>
> "followed by an optional list of whitespace and/or comma separated name=value
> attributes that override related main.cf settings."
In the TLS_READ
Wietse Venema wrote:
> Michael Ströder:
>> Quote from http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps
>>
>> "The lookup result is a security level, followed by an optional list of
>> whitespace and/or comma separated name=value attributes that override related
>> main.cf settings."
>>
>
Michael Ströder:
> Quote from http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps
>
> "The lookup result is a security level, followed by an optional list of
> whitespace and/or comma separated name=value attributes that override related
> main.cf settings."
>
> Does that mean that I can
li...@rhsoft.net wrote:
>
> On 25.10.2014 at 15:29, Michael Ströder wrote:
>> Can I define a special CA cert bundle in smtp_tls_policy_maps for a certain
>> recipient domain? Which keyword(s) to use?
>>
>> For example I have a line like this in the map for recipient domain
>> 'example.com':
>>
>>
On 25.10.2014 at 15:29, Michael Ströder wrote:
Can I define a special CA cert bundle in smtp_tls_policy_maps for a certain
recipient domain? Which keyword(s) to use?
For example I have a line like this in the map for recipient domain
'example.com':
example.com verify protocols=TLSv1 ciphers=