Hello list,

I've set up client-side TLS with postfix 2.7.1 as follows:

smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

/etc/postfix/tls_policy:
<empty>

When sending a message (sendmail [email protected]) I get these log lines:

postfix/smtp[7537]: setting up TLS connection to mail.example.com[aaa.bbb.ccc.ddd]:25
postfix/smtp[7537]: Untrusted TLS connection established to mail.example.com[aaa.bbb.ccc.ddd]:25: TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)

After overwriting the default policy

/etc/postfix/tls_policy:
[mail.example.com] verify

I get the following:

postfix/smtp[7567]: setting up TLS connection to mail.example.com[aaa.bbb.ccc.ddd]:25
postfix/smtp[7567]: Verified TLS connection established to mail.example.com[aaa.bbb.ccc.ddd]:25: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)

And now the TLS connection is trusted and verified. Why isn't it verified with
'smtp_tls_security_level = may'?

Thanks for your help.
Best regards
Stefan
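
Added example, not part of the original post: a Python script that parses the two "TLS connection established" entries quoted above and marks sessions negotiated with an anonymous cipher suite (ADH/AECDH), where the server sends no certificate and there is nothing for the client to verify. The function names are hypothetical and the sample is the post's log output with its wrapped lines rejoined.

```python
import re

# Log entries quoted in the post, wrapped lines rejoined (the address
# placeholder aaa.bbb.ccc.ddd is kept exactly as posted).
SAMPLE_LOG = """\
postfix/smtp[7537]: setting up TLS connection to mail.example.com[aaa.bbb.ccc.ddd]:25
postfix/smtp[7537]: Untrusted TLS connection established to mail.example.com[aaa.bbb.ccc.ddd]:25: TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)
postfix/smtp[7567]: setting up TLS connection to mail.example.com[aaa.bbb.ccc.ddd]:25
postfix/smtp[7567]: Verified TLS connection established to mail.example.com[aaa.bbb.ccc.ddd]:25: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
"""

# Matches only the "<status> TLS connection established to ..." summary line.
TLS_LINE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<status>\w+) TLS connection established to "
    r"(?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\]:(?P<port>\d+): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+) \((?P<used>\d+)/(?P<avail>\d+) bits\)"
)

# OpenSSL names for anonymous key exchange: no server certificate is sent.
ANON_PREFIXES = ("ADH-", "AECDH-")

def parse_tls_sessions(log_text):
    """Return one dict per established TLS session found in the log text."""
    sessions = []
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if m is None:
            continue  # e.g. the "setting up TLS connection" line
        s = m.groupdict()
        s["anonymous"] = s["cipher"].startswith(ANON_PREFIXES)
        sessions.append(s)
    return sessions

def unauthenticated(sessions):
    """Sessions that were encrypted but did not verify the server's identity."""
    return [s for s in sessions if s["status"] != "Verified"]

def report(sessions):
    """One summary line per session, noting anonymous cipher suites."""
    out = []
    for s in sessions:
        note = "anonymous cipher, no certificate sent" if s["anonymous"] else "certificate-based cipher"
        out.append(f'{s["host"]} pid={s["pid"]} {s["status"]} {s["proto"]} {s["cipher"]} ({note})')
    return out

if __name__ == "__main__":
    print("\n".join(report(parse_tls_sessions(SAMPLE_LOG))))
```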