I do not specify "verify" anywhere in my config file. This is mainly because I do not have client certificates set up for sending mail, and verification in internet-facing situations is broken, since most SMTP hosts do not have valid certificates. So I use TLS, but I don't verify.

I noticed this in my log when relaying to gmail and also when receiving from a server:

    smtp-out: Started TLS on session 1e5a34ef828cf29f: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
    smtp-out: Server certificate verification succeeded on session 1e5a34ef828cf29f

[^] I figured: even though I don't have verify set, it still verifies it, and if it's valid, adds the flag to the "Received:" line. If it's not valid, then I'd expect it to not print that second log line, and not add any flag to the "Received:" line.

But then I saw this message a few moments later, when sending an email:

    smtp-in: Client certificate verification succeeded on session 29d80be584e04fbc
    smtp-in: Accepted authentication for user zx2c4 on session 29d80be584e04fbc

I'm not using client certificates. I don't have 'verify' specified. Yet it still said "verification succeeded". So then it seems my initial assumption [^] was incorrect.

It seems, in this case, that when "verify" isn't set, the verification function just always returns true, and this message of "certificate verification succeeded" is always printed? Or is there a more subtle behavior?

What's up?
