Hello, [email protected] ([email protected]), 2022.03.15 (Tue) 00:27 (CET): > On Tue, Mar 15, 2022 at 09:40:34AM +1100, Dipesh Sharma wrote: > >Did you try the 'tls no-verify' option described here: > >https://man.openbsd.org/smtpd.conf#tls ? If you are sure that some host > >under example.com is talking to the correct mail.example.com host, it is OK > >to skip the certificate verification. > > I did not as that is not what I'm hoping to do. > > Instead I'd like to verify the servers certificate is signed by a CA > whose certificate is on the client machine.
IIUC the client server needs the CA Certificate that was used to generate the SMTP-server Certificate in its /etc/ssl/cert.pem (on OpenBSD). Marcus
