On Tue, Nov 6, 2012 at 8:37 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > On Tue, Nov 06, 2012 at 01:06:22AM -0800, Ori Bani wrote: > >> smtpd_tls_security_level = may >> >> (so only want opportunistic encryption, no cert validation, etc) the >> TLS_README suggests that it's best to just leave blank >> >> smtpd_tls_cert_file >> smtpd_tls_key_file > > Can you site the specific text? I don't recall making that advice? > To run without a certificate (only for dedicated MTAs not facing > the public 'Net) you need to explicitly set "smtpd_tls_cert_file > = none".
This section: > Client-side certificate and private key configuration > > Do not configure Postfix SMTP client certificates unless you must present > client > TLS certificates to one or more servers. Client certificates are not usually > needed, > and can cause problems in configurations that work well without them. The > recommended setting is to let the defaults stand: This text also repeats in postconf(5) Based on your reply, I must be misunderstanding the context (or the meaning of "must" here). Thanks for your help.