smtp_tls_CAfile

2009-02-25 Thread Manuel Pégourié-Gonnard
Hi, I'm afraid I don't understand what the directive smtp_tls_CAfile does exactly. According to postconf(5), > smtp_tls_CAfile (default: empty) > The file with the certificate of the certification authority (CA) that > issued the Postfix SMTP client certificate. This is needed only when >

Re: smtp_tls_CAfile

2009-02-25 Thread Manuel Pégourié-Gonnard
Victor Duchovni wrote: >> So this should not be used to verify a server's certificate. In >> practice, if the file pointed to by smtp_tls_CAfile is a concatenation >> of CA's certificates, then they are all used to verify the server's >> certificate. > > Yes, smtp_tls_CAfile is used to verify s

Re: Candidate documentation update: smtp_tls_CAfile

2009-02-25 Thread Manuel Pégourié-Gonnard
Victor Duchovni wrote: > --- 8873,8892 >The best way to use the default settings is to comment out the above > parameters in main.cf if present. > > ! In order for remote SMTP servers to verify the Postfix SMTP client > ! certificate, the issuing CA certificate must be made avail

Re: smtp_tls_CAfile

2009-02-25 Thread Manuel Pégourié-Gonnard
Victor Duchovni wrote: >> I don't think it is. I would otherwise not be able to find the file >> indicated by smtp_tls_CAfile. > > No, this file is loaded into memory before smtp(8) enters the chroot > jail, while smtp_tls_CApath is accessed post-jail. > Ok, I didn't know. I can see you made i