A private CA has issued server certs to mail.example.org. However, when
smtpd from another server in the example.org domain connects to
mail.example.org, TLS validation fails and the message exchange falls back
to smtp+notls.

Is there a way to add a cert chain somewhere so that smtpd will do a chain
lookup in order to trust the TLS connection?

The following log messages show the error:

Mar 14 15:00:32 server smtpd[73240]: e415a0d39ccaa8a6 mta connected
Mar 14 15:00:32 server smtpd[73240]: smtp-out: Error on session e415a0d39ccaa8a6: opportunistic TLS failed, downgrading to plain
Mar 14 15:00:32 server smtpd[73240]: e415a0d39ccaa8a6 mta connecting address=smtp+notls://100.64.10.1:25 host=mail.example.org
Mar 14 15:00:32 server smtpd[73240]: e415a0d39ccaa8a6 mta connected
Mar 14 15:00:32 server smtpd[73240]: e415a0d39ccaa8a6 mta delivery evpid=6ad1c44d48964de8 from=<sen...@example.com> to=<recipi...@example.org> rcpt=<-> source="100.64.10.9" relay="100.64.10.1 (mail.example.org)" delay=42s result="Ok" stat="250 2.0.0 180e8af2 Message accepted for delivery"

Thanks in advance.
