Re: how to replicate Sendmail TLS certificate validation

2016-05-31 Thread Viktor Dukhovni
> On May 31, 2016, at 10:16 AM, Viktor Dukhovni wrote:
>
> main.cf:
> smtpd_client_restrictions =
> cidr = cidr:${config_directory}/
> check_client_access ${cidr}clnt-access

Oops, bad syntax, that should be:

main.cf:
cidr = cidr:${config_directory}/

Re: how to replicate Sendmail TLS certificate validation

2016-05-31 Thread Viktor Dukhovni
> On May 31, 2016, at 10:01 AM, Rob Maidment wrote:
>
> I have clients where I'd like to replace Sendmail with Postfix however
> they have incoming mail requirements that prevent this, as far as I
> can tell. These are not so much to do with certificate validation but
> more fundamentally wheth

Re: how to replicate Sendmail TLS certificate validation

2016-05-31 Thread Rob Maidment
Thank you Wietse and Viktor for your in-depth responses. It seems to me that the Postfix SMTP client has all the TLS options of Sendmail and then some, however the Postfix SMTP server does not offer the same level of granularity as Sendmail when it comes to applying TLS to incoming connections. I

Re: how to replicate Sendmail TLS certificate validation

2016-05-26 Thread Viktor Dukhovni
On Thu, May 26, 2016 at 05:44:28PM +0100, Rob Maidment wrote:

> VERIFY verification must have succeeded

Note, this does not check the peer name, it only checks the validity of the chain.

> VERIFY:bits verification must have succeeded and ${cipher_bits} must
> be greater than or equal bits.
> ENC

Re: how to replicate Sendmail TLS certificate validation

2016-05-26 Thread Wietse Venema
Rob Maidment:
> Looking at the Postfix configuration pages I can see how the
> smtp_tls_policy_maps option can be used to enable verification of
> remote server certificates When Postfix is the client but there
> doesn't seem to be the same level of control over what verification
> takes place exac

how to replicate Sendmail TLS certificate validation

2016-05-26 Thread Rob Maidment
Hello

Sendmail has a number of TLS certificate validation options described here:
http://www.sendmail.co.uk/sm/open_source/docs/m4/starttls.html#allow_con

VERIFY verification must have succeeded
VERIFY:bits verification must have succeeded and ${cipher_bits} must be greater than or equal bits.
EN