On Tue, Nov 17, 2015 at 10:58:13PM -0500, Bill Cole wrote:
> >[root@knox certs]# postconf -n | grep tls
> >smtp_tls_CAfile = /etc/ssl/certs/startssl-ca-bundle.pem
> >smtp_tls_CApath = /etc/ssl/certs/
>
> That's likely to be wrong. smtp_tls_CApath needs to be more than just a
> directory where the
On 17 Nov 2015, at 14:02, Istvan Prosinger wrote:
Hi,
I'm trying to install the signed STARTSSL certificates to Postfix, but
I'm getting this entry whatever I do:
Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection
established to gmail-smtp-in.l.google.com[74.125.133.26]:25:
On Tue, Nov 17, 2015 at 07:14:21PM +, Viktor Dukhovni wrote:
> > smtp_tls_CAfile = /etc/ssl/certs/startssl-ca-bundle.pem
> > smtp_tls_CApath = /etc/ssl/certs/
> > smtp_tls_loglevel = 1
> > smtp_tls_security_level = may
>
> With opportunistic TLS ("may") certificates are never verified,
> and
On Tue, Nov 17, 2015 at 08:02:35PM +0100, Istvan Prosinger wrote:
> I'm trying to install the signed STARTSSL certificates to Postfix, but I'm
> getting this entry whatever I do:
>
> Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection
> established to gmail-smtp-in.l.google.com[74.
Hi,
I'm trying to install the signed STARTSSL certificates to Postfix, but
I'm getting this entry whatever I do:
Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection
established to gmail-smtp-in.l.google.com[74.125.133.26]:25: TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SHA256 (12