Package: postfix Version: 2.8.2-1 Severity: normal I use smtp.gmail.com as a smarthost but I hardcode its cert fingerprint in my postfix config to help prevent MITM attacks. relayhost = smtp.gmail.com:587 smtp_generic_maps = hash:/etc/postfix/generic smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_tls_security_level = fingerprint smtp_tls_mandatory_ciphers = high smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_fingerprint_digest = sha1 smtp_tls_fingerprint_cert_match = DB:A0:2A:07:00:F9:E3:23:7D:07:E7:52:3C:95:9D:E6:7E:12:54:3F
A few days ago, smtp.gmail.com changed its cert and so postfix rightfully decided not to connect to it and kept on queueing mail locally instead. The problem is that the only sign that this was happening was in /var/log/mail.info: Mar 31 18:51:20 hostname postfix/smtp[3937]: 6B2815B4528: to=<secur...@debian.org>, relay=smtp.gmail.com[74.125.53.109]:587, delay=36, delays=33/0.56/2.7/0, dsn=4.7.5, status=deferred (Server certificate not verified) I've got both /var/log/mail.warn and /var/log/mail.err in /etc/logcheck/logcheck.logfiles and I was expecting such an important message to be at least considered a warning. Could the priority of that particular error message be bumped? Cheers, Francois -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org