On Wed, Aug 02, 2017 at 12:10:31PM +0530, hyndavirap...@bel.co.in wrote:

> " Aug 2 11:21:34 AHQ postfix/smtp[6372]: BEC5D67928BD:
> to=<cdr.1cor...@1corphq.tcs.mil.in>, orig_to=<cdr.1cor...@tcs.mil.in>,
> relay=201.123.1.4[201.123.1.4]:25, delay=0.06, delays=0.04/0.01/0.01/0,
> dsn=4.7.5, status=deferred (Server certificate not verified) "

That's nice, but where's the SMTP client's TLS logging?

> queue_run_delay = 30s

Unrelated, but surely too short.

> smtp_enforce_tls = yes

Obsolete, instead set "smtp_tls_security_level = encrypt".

> smtp_tls_CAfile = /etc/new_pki/tls/certs/ca-bundle.crt

This has to be sufficient to verify the remote server's certificate.

> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
> smtpd_tls_loglevel = 2

Change that to 1, and also set:

    smtp_tls_security_level = 1

> tls_policy file is as follows
>
> [201.123.1.4]:25 secure match=1CorpHQ
>
> "1CorpHQ" is exactly same as the CN field of the certificate

Are there any DNS subject alternative names in the certificate?
Is it issued by a trusted CA?

...

> How to solve the above error...I'm stuck at this point for a long time...
> Any help will be appreciated greatly...

Post TLS logging, after setting the loglevel = 1.

-- 
    Viktor.
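
Added example, not part of the original message and not Postfix code: a simplified Python model of the documented Postfix rule behind the question about DNS subject alternative names, namely that the certificate CommonName is checked only when the certificate carries no DNS subjectAltNames. Function names and the sample certificate names are constructed; wildcard certificate names, the match keywords (nexthop, hostname, dot-nexthop) and chain trust against smtp_tls_CAfile are assumed out of scope.

```python
# Added example: simplified model of Postfix SMTP-client peer-name matching.
# Function names and certificate names below are constructed for illustration.

def parse_policy_line(line):
    """Split a tls_policy entry into (nexthop, level, attributes)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected: nexthop level [attr=value ...]")
    attrs = dict(f.split("=", 1) for f in fields[2:])
    return fields[0], fields[1], attrs

def name_matches(pattern, name):
    """Case-insensitive match; a leading '.' in the pattern means sub-domains."""
    pattern, name = pattern.lower(), name.lower()
    if pattern.startswith("."):
        return len(name) > len(pattern) and name.endswith(pattern)
    return pattern == name

def names_checked(dns_sans, common_name):
    """DNS subjectAltNames win; the CN is consulted only when there are none."""
    if dns_sans:
        return list(dns_sans)
    return [common_name] if common_name else []

def policy_name_match(policy_line, dns_sans, common_name):
    """True/False for verify/secure entries with explicit match=, else None."""
    _, level, attrs = parse_policy_line(policy_line)
    if level not in ("verify", "secure"):
        return None  # no peer-name matching at this level
    if "match" not in attrs:
        raise ValueError("this model needs an explicit match= attribute")
    patterns = [p for p in attrs["match"].split(":") if p]
    return any(name_matches(p, n)
               for p in patterns
               for n in names_checked(dns_sans, common_name))

POLICY = "[201.123.1.4]:25 secure match=1CorpHQ"  # entry quoted in the thread

if __name__ == "__main__":
    cases = [  # constructed certificates: (DNS SANs, CN)
        ([], "1CorpHQ"),
        (["mail.example.invalid"], "1CorpHQ"),
        (["1corphq"], "unrelated"),
    ]
    for sans, cn in cases:
        print(sans, cn, "->", policy_name_match(POLICY, sans, cn))
```

A name match is only half of the check: the certificate chain must also validate against the CA file configured for the SMTP client.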