Cowbay via Postfix-users: > So, I will collect necessary information next time I encounter this > issue as what Viktor suggested.
Please note that Postfix does not automatically use the "system" root CA store that openssl s_client and curl may use. That could result in verification differences between Postfix and other tools. https://www.postfix.org/postconf.5.html#tls_append_default_CA tls_append_default_CA (default: no) Append the system-supplied default Certification Authority certificates to the ones specified with *_tls_CApath or *_tls_CAfile. The default is "no"; this prevents Postfix from trusting third-party certificates and giving them relay permission with permit_tls_all_clientcerts. Wietse _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org