Hi I'm using OpenSMTPD 6.4.0
I'm (at least) a little confused as to which sort of certs I should put in the pki cert and ca conf file entries (I can cope with the key entry!) I have an apparently functional ACME setup using the default acme-client supplied with openbsd. This gives me 3 sorts of cert: 1) Bare cert 2) Chain cert 3) Full chain cert I have pki cert set to the bare cert, and ca set to the chain cert - is that correct? or should I use the full chain cert for the pki cert? I ask because whilst the setup mostly morks I do get odd logging like this: Jan 6 14:35:05 azathoth smtpd[87479]: 92975635cb3d86a4 mta connecting address=smtp://212.54.58.11:25 host=mx.mnd.ukmail.iss.as9143.net Jan 6 14:35:05 azathoth smtpd[87479]: 92975635cb3d86a4 mta connected Jan 6 14:35:05 azathoth smtpd[87479]: 92975635cb3d86a4 mta starttls ciphers=version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256 Jan 6 14:35:05 azathoth smtpd[87479]: smtp-out: Server certificate verification succeeded on session 92975635cb3d86a4 Jan 6 14:35:05 azathoth smtpd[87479]: 92975635cb3d86a4 mta delivery evpid=00fe7e3a0bda75cf from=<forward...@uphall.net> to=<yyy....@ntlworld.com> rcpt=<z...@uphall.net> source="46.235.226.138" relay="212.54.58.11 (mx.mnd.ukmail.iss.as9143.net)" delay=1s result="Ok" stat="250 2.0.0 MXIN650 mail accepted for delivery ;id=g9W5guLw5a6xRg9W5gmZtD;sid=g9W5guLw5a6xR;mta=mx4.mnd;d=20190106;t=153505[CET];ipsrc=46.235.226.138;" Jan 6 14:35:16 azathoth smtpd[87479]: smtp-out: Error on session 92975635cb3d86a4: opportunistic TLS failed, downgrading to plain Jan 6 14:35:16 azathoth smtpd[87479]: 92975635cb3d86a4 mta connecting address=smtp+notls://212.54.58.11:25 host=mx.mnd.ukmail.iss.as9143.net Jan 6 14:35:16 azathoth smtpd[87479]: 92975635cb3d86a4 mta connected Jan 6 14:35:16 azathoth smtpd[87479]: 92975635cb3d86a4 mta disconnected reason=quit messages=1 Where I seems to succeed with tls and then it says that it has failed. What is going on? Thanks John Cox -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
