Re: presenting TLS Client Certificates without breaking TLS to mixed MSA/MX

2019-11-24 Thread Lars Kollstedt
Hi Viktor, first of all, thank you for your two answers. I decided to keep my reactions to them in order, but all in this answer. ;-) On Friday, 22. November 2019, 23:29:46 CET Viktor Dukhovni wrote: > Have you recently seen MX hosts that solicit client certs and then abort > the TLS handshake when

Re: presenting TLS Client Certificates without breaking TLS to mixed MSA/MX

2019-11-24 Thread Viktor Dukhovni
On Sun, Nov 24, 2019 at 09:45:20PM +0100, Lars Kollstedt wrote: > We've someone running > > smtpd_tls_received_header=yes > smtpd_tls_ask_ccert = yes > smtpd_tls_CApath=/etc/ssl/certs > > on his Postfix MX servers in our nearer environment, but I don't want > to maintain a list of all his domai

Re: presenting TLS Client Certificates without breaking TLS to mixed MSA/MX

2019-11-24 Thread Lars Kollstedt
On Friday, 22. November 2019, 23:08:39 CET Ralph Seichter wrote: > * Lars Kollstedt: > > is there a clean way to optionally present a client certificate to a > > Postfix MX [...] > > I hope I don't misinterpret your question here. [...] > However, I don't see you using relay_clientcerts=/path/

Re: presenting TLS Client Certificates without breaking TLS to mixed MSA/MX

2019-11-22 Thread Viktor Dukhovni
On Fri, Nov 22, 2019 at 12:11:21PM +0100, Lars Kollstedt wrote: > Is there a clean way to optionally present a client certificate to a > Postfix MX without breaking the use of TLS or even the mail delivery > to MXes that are verifying presented client certificates against a > local CA, and rejecti

Re: presenting TLS Client Certificates without breaking TLS to mixed MSA/MX

2019-11-22 Thread Ralph Seichter
* Lars Kollstedt: > is there a clean way to optionally present a client certificate to a > Postfix MX [...] I hope I don't misinterpret your question here. When acting as an SMTP client, Postfix should present the certificate you have defined via smtp_tls_cert_file if the receiving Postfix (the S

presenting TLS Client Certificates without breaking TLS to mixed MSA/MX

2019-11-22 Thread Lars Kollstedt
Hello List, is there a clean way to optionally present a client certificate to a Postfix MX configured with smtpd_tls_received_header=yes smtpd_tls_ask_ccert = yes smtpd_tls_CApath=/etc/ssl/certs without breaking the use of TLS or even the mail delivery to MXes that are verifying presented cl