On Fri, Sep 25, 2015 at 06:16:10PM +0300, Michael Peter wrote:
> I have configured postfix to check CAfile which contains only Godaddy root
> certificate as follow for outgoing emails.
>
> smtp_tls_CAfile = /etc/certs/go-daddy-root-ca.crt
Which certificates are in that file? Report the output of:
openssl crl2pkcs7 -nocrl -certfile /etc/certs/go-daddy-root-ca.crt |
openssl pkcs7 -print_certs -noout
> my surprise that still postfix trust the server certificates when email is
> sent to Yahoo or Gmail..
Post the relevant logs. Do you use the same transport for Google
and Yahoo as for mail to GoDaddy? If not, are there are any
master.cf overrides for the transports in question.
> So i have removed smtp_tls_CAfile which contained only godaady root
> certificate from main.cf, now postfix is not trusting Yahoo or Gmail when
> sending emails to them.
Also post logs for this outcome.
> smtp_tls_CAfile = /etc/ssl/certs/godaddy-root.crt
> smtp_tls_loglevel = 2
Too verbose, 1 is enough.
What version of Postfix are you using?
--
Viktor.
