Am 22.04.2014 00:42, schrieb John Griessen: > On 04/21/2014 04:50 PM, Viktor Dukhovni wrote: > >> >> This is an SMTP *client* setting, for sending mai. You almost >> never client certs. You probably meant to set: >> >> # smtpd_tls_... not smtp_tls_... >> # > > I changed that and when I test with telnet, I can get to > 220 2.0.0 Ready to start TLS > > The /var/log/mail.log shows: > Apr 21 15:27:53 mail postfix/smtpd[23295]: connect from > cpe-72-179-44-248.austin.res.rr.com[72.179.44.248] > Apr 21 15:27:53 mail postfix/smtpd[23295]: Anonymous TLS connection > established from > cpe-72-179-44-248.austin.res.rr.com[72.179.44.248]: TLSv1 with cipher > DHE-RSA-AES128-SHA (128/128 bits) > Apr 21 15:27:55 mail postfix/smtpd[23295]: disconnect from > cpe-72-179-44-248.austin.res.rr.com[72.179.44.248] > > Once my email reader, thunderbird, put up a view certificate dialog box. > My client settings are STARTTLS and normal password
so what are you missing? cacert.org is not listed as trusted CA in most software and so handeled like a self-signed certificate, Debian removed them also recently https://www.google.com/search?q=debian+cacert
