* Victor Duchovni <victor.ducho...@morganstanley.com>: > > This happens if the client doesn't like the certificate, because it is > > not signed by a trusted CA. > > This is a reasonably plausible conjecture, but not yet a fact.
Yup. > > Which machine is it, so we can have a look with s_client? > > More importantly, the OP has said nothing useful about the nature of > relationship between the sending and receiving systems. Indeed! > - Are they an MUA and an MSA, with the client (MUA) configured > to combine STARTTLS and AUTH (ideally on port 587)? What host > is the client expecting to connect to and does the server certificate > match (trusted chain and matching CN) this hostname to the client's > satisfaction? I wonder if Postfix can log the smtpd port. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de