Hello list, I've set up clientside TLS with postfix 2.7.1 as follows:
smtp_tls_CApath = /etc/ssl/certs smtp_tls_loglevel = 1 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_policy_maps = hash:/etc/postfix/tls_policy /etc/postfix/tls_policy: <empty> When sending a message (sendmail u...@mydomain.com) I get these loglines: postfix/smtp[7537]: setting up TLS connection to mail.example.com[aaa.bbb.ccc.ddd]:25 postfix/smtp[7537]: Untrusted TLS connection established to mail.example.com[aaa.bbb.ccc.ddd]:25: TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits) After overwriting the default policy /etc/postfix/tls_policy: [mail.example.com] verify I get the following: postfix/smtp[7567]: setting up TLS connection to mail.example.com[aaa.bbb.ccc.ddd]:25 postfix/smtp[7567]: Verified TLS connection established to mail.example.com[aaa.bbb.ccc.ddd]:25: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits) And now the TLS connection is trusted and verified. Why isn't it verfied with 'smtp_tls_security_level = may'? Thanks for your help. Best regards Stefan