properly
+configured peer as part of the TLS handshake, this may result in failure
+to validate the peer's certificate chain.
+
+ The choice between $smtp_tls_CAfile and $smtp_tls_CApath is a
+space/time tradeoff. If there are many trusted CAs, the cost of
+preloading them all into memory (from a CAfi
On Thu, Feb 11, 2021 at 4:49 PM Viktor Dukhovni
wrote:
>
> On Thu, Feb 11, 2021 at 02:51:02PM +, bitozoid wrote:
>
> > As of today, doc says for 'smtp_tls_CAfile':
> >
> > "A file containing CA certificates of root CAs trusted to sign either
> > remote SM
On Thu, Feb 11, 2021 at 02:51:02PM +, bitozoid wrote:
> As of today, doc says for 'smtp_tls_CAfile':
>
> "A file containing CA certificates of root CAs trusted to sign either
> remote SMTP server certificates or intermediate CA certificates."
It can also contain interm
On 11.02.21 14:51, bitozoid wrote:
>As of today, doc says for 'smtp_tls_CAfile':
>
>"A file containing CA certificates of root CAs trusted to sign either
>remote SMTP server certificates or intermediate CA certificates."
>
>and for 'smtp_tls_CApath':
>
>"
On Thu, Feb 11, 2021 at 3:11 PM Matus UHLAR - fantomas
wrote:
> On 11.02.21 14:51, bitozoid wrote:
> >As of today, doc says for 'smtp_tls_CAfile':
> >
> >"A file containing CA certificates of root CAs trusted to sign either
> >remote SMTP server certificates
On 11.02.21 14:51, bitozoid wrote:
As of today, doc says for 'smtp_tls_CAfile':
"A file containing CA certificates of root CAs trusted to sign either
remote SMTP server certificates or intermediate CA certificates."
and for 'smtp_tls_CApath':
"Directory with PEM format Certific
As of today, doc says for 'smtp_tls_CAfile':
"A file containing CA certificates of root CAs trusted to sign either
remote SMTP server certificates or intermediate CA certificates."
and for 'smtp_tls_CApath':
"Directory with PEM format Certification Authority certificates that
t
ve configured postfix to check CAfile which contains only Godaddy root
certificate as follow for outgoing emails.
smtp_tls_CAfile = /etc/certs/go-daddy-root-ca.crt
my surprise that still postfix trust the server certificates when email is
sent to Yahoo or Gmail.. (although they are using diffe
On Fri, Sep 25, 2015 at 06:16:10PM +0300, Michael Peter wrote:
> I have configured postfix to check CAfile which contains only Godaddy root
> certificate as follow for outgoing emails.
>
> smtp_tls_CAfile = /etc/certs/go-daddy-root-ca.crt
Which certificates are in that file? Repor
On Fri, Sep 25, 2015 at 03:40:17PM +, Viktor Dukhovni wrote:
> What version of Postfix are you using?
Note that in Postfix prior to 2.8, setting a non-empty CAfile causes
the default system certificate store to also be enabled.
--
Viktor.
> On Fri, Sep 25, 2015 at 06:16:10PM +0300, Michael Peter wrote:
>
>> I have configured postfix to check CAfile which contains only Godaddy
>> root
>> certificate as follow for outgoing emails.
>>
>> smtp_tls_CAfile = /etc/certs/go-daddy-root-ca.crt
>
> Wh
> On Fri, Sep 25, 2015 at 07:21:32PM +0300, Michael Peter wrote:
>
>> > What version of Postfix are you using?
>>
>> postfix/master[7500]: reload -- version 2.6.6, configuration
>> /etc/postfix
>
> That's nearly seven years old. When you enable t
On Fri, Sep 25, 2015 at 07:21:32PM +0300, Michael Peter wrote:
> > What version of Postfix are you using?
>
> postfix/master[7500]: reload -- version 2.6.6, configuration /etc/postfix
That's nearly seven years old. When you enable the Web PKI by
setting smtp_tls_CAfile, that versio
On Fri, Sep 25, 2015 at 07:56:15PM +0300, Michael Peter wrote:
> Just for info, How can i know the default locations for default system
> certificates which postfix drag when setting smtp_tls_CAfile ?
This is system-dependent:
$ openssl version -d
OPENSSLDIR: "/usr/pkg/
gt; That's nearly seven years old. When you enable the Web PKI by
> setting smtp_tls_CAfile, that version of Postfix will also drag
> in all the default system certificate files.
For the record, in case you have not yet stumbled across this:
http://www.postfix.org/postconf.5.html#tls_appen
Hello,
I have configured postfix to check CAfile which contains only Godaddy root
certificate as follow
smtp_tls_CAfile = /etc/certs/go-daddy-root-ca.crt
my surpirse that still postfix trust the server certificates when email is
sent to Yahoo or Gmail.. although the CAfile contains only
Michael Peter:
> This makes me more confused..
>
> Please advise your opinion..
Please post your configration as requested in the welcome message.
wietse
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
Thank
, this directory (or a copy) must be
! inside the chroot jail. /p
!
! p By default (see smtpd_tls_ask_ccert), client certificates are
! not requested, and smtpd_tls_CApath should remain empty. In contrast
! to smtp_tls_CAfile, DNs of certificate authorities installed
! in $smtpd_tls_CApath are not included
Hi,
I'm afraid I don't understand what the directive smtp_tls_CAfile does
exactly. According to postconf(5),
smtp_tls_CAfile (default: empty)
The file with the certificate of the certification authority (CA) that
issued the Postfix SMTP client certificate. This is needed only when
Manuel P?gouri?-Gonnard:
Hi,
I'm afraid I don't understand what the directive smtp_tls_CAfile does
exactly. According to postconf(5),
smtp_tls_CAfile (default: empty)
The file with the certificate of the certification authority (CA) that
issued the Postfix SMTP client
20 matches
Mail list logo