On Tue, Nov 17, 2015 at 07:14:21PM +0000, Viktor Dukhovni wrote:
> > smtp_tls_CAfile = /etc/ssl/certs/startssl-ca-bundle.pem
> > smtp_tls_CApath = /etc/ssl/certs/
> > smtp_tls_loglevel = 1
> > smtp_tls_security_level = may
>
> With opportunistic TLS ("may") certificates are never verified,
> and so are never "Trusted".
>
> > smtpd_tls_auth_only = yes
> > smtpd_tls_cert_file = /etc/ssl/certs/prosinger_new_bundle.crt
> > smtpd_tls_key_file = /etc/ssl/certs/prosinger_new.key
>
> Enabling client certificates is generally a bad idea. Is remote
> SMTP server expecting you to use these to authenticate yourself
> for mail submission?
Note, that the comment was related to your client logs, not
the configuration above it, those are server certificates.
--
Viktor.
