On 9.01.2022 at 22:22:36, Joachim Lindenberg wrote:
> Ok, while subscribing to this mailing
> list I had to add two more exceptions, because this mailing list uses an
> untrusted certificate
> (https://www.checktls.com/TestReceiver?LEVEL=DETAIL&EMAIL=majord...@postfix.org).
> Aren't letsencrypt certs cheap enough
> in order to get rid of untrusted certificates?

Why bother with externally provided certificates when you can generate one for yourself and it does not harm the mail system in any way, as any reasonably configured mail server does *not* verify certificates of the other servers it communicates with by default?

Unlike HTTPS, certificates in SMTP are not for proving identity of the remote server; they are *purely* for encryption. Of course, there is DANE etc. but it is not - and *should not* be - mandatory.

--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."