Re: Requesting certificates

[li...@lazygranch.com]

On Fri, 22 Dec 2017 09:52:13 +
Dominic Raferd  wrote:

> On 22 December 2017 at 09:38, li...@lazygranch.com
>  wrote:
> 
> > ​...
> > From main.cf (sanitized):
> > 
> > # TLS
> > smtpd_use_tls = yes
> > ​​
> > smtpd_tls_security_level = may
> > smtpd_tls_auth_only = yes
> > smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem
> > smtpd_tls_cert_file
> > = /etc/letsencrypt/live/mydomain.com/fullchain.pem
> > smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes
> > #next line experimental
> > ​​
> > smtpd_tls_ask_ccert = yes
> > smtpd_tls_session_cache_timeout = 3600s
> > tls_random_source = dev:/dev/urandom  
> 
> 
> BTW, smtpd_use_tls = yes is deprecated for Postfix 2.3+: ​
> ​
> smtpd_tls_security_level = may achieves the same thing.

Thanks. I just commented out the line and everything works the same. 
I have 
compatibility_level = 2
in the main.cf. 

Re: Requesting certificates

[Dominic Raferd]

On 22 December 2017 at 09:38, li...@lazygranch.com 
wrote:

> ​...
> From main.cf (sanitized):
> 
> # TLS
> smtpd_use_tls = yes
> ​​
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes
> smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem
> smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/fullchain.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> #next line experimental
> ​​
> smtpd_tls_ask_ccert = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom


BTW, smtpd_use_tls = yes is deprecated for Postfix 2.3+: ​
​
smtpd_tls_security_level = may achieves the same thing.