On Fri, Dec 26, 2008 at 08:25:12AM -0500, Sahil Tandon wrote:
> sean darcy wrote:
>
> > Victor Duchovni wrote:
> >> On Mon, Dec 22, 2008 at 12:08:20PM -0500, Asif Iqbal wrote:
> >>
> >>> smtp_use_tls = yes
> >>>
> >>
> >> This is obsolete. Set:
> >>
> >> smtp_tls_security_level = encrypt
> >>
> >> or better (given suitable CAfile or CApath):
> >>
> >> smtp_tls_security_level = secure
> >>
> >
> > So where would you get the certificate to authenticate to google or
> > 1and1.
>
> The smtp (client), as opposed to the smtpd (server), does not need a
> certificate to authenticate to google.
Irrelevant, an SMTP client that wants to verify Google's augthenticity
needs the root CA certificate of the CA that signed Google's cert.
Yes the client does not need its own private keys and associated certs,
but that is not the point.
Verisign makes their certs available for download from
https://www.verisign.com/support/roots.html
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
