(2011年01月09日 10:28), lst_ho...@kwsoft.de wrote:
> Zitat von "Mike A. Leonetti" <mikealeone...@gmail.com>:
>
>> I set up postfix with:
>>
>>> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
>> And a list of domains with "may" as the policy for each of them. The
>> problem is postfix hates the certificate (because I don't have it listed
>> as a trusted issuer anywhere).
>>
>> So I get this error as expected:
>>> Jan 8 01:57:46 Ricochet postfix/smtp[24852]: certificate verification
>>> failed for gmail-smtp-in.l.google.com[74.125.91.27]:25: untrusted
>>> issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
>> Is there a way to have postfix not care about the issuer and just
>> continue? I am aware that there can be security risks, but they exist
>> anyway if postfix fails back to plaintext.
>
> Huh?
> Postfix does continue anyway if you do not explicitely configure it to
> not do so with a TLS security level higher than "may". The log shows
> the above as a warning.
>
> Regards
>
> Andreas
>
>
Oh! So it's my misunderstanding! It will still continue with TLS then?
Great.
