On Mon, Dec 15, 2025 at 02:19:59PM +0100, Stéphane Guedon wrote:
> Actually, right now, it works. These are the lines running in the servers:
>
> action "relay" relay host smtps://blackblock.22decembre.eu:10027 src
> 2603:c026:306:9211::300
>
> listen on $ip6 port 10027 smtps hostname blackblock.22decembre.eu pki
> blackblock
>
> I see only two differences: I am not requiring tls on either side, and I am
> explicit on the hostname in the listen clause.

The connection is using tls, smtps is by definition always over an encrypted
channel. The syntax of smtpd.conf uses 'tls' in various places to mean
starttls, which may have caused a bit of confusion.

> Why is it a problem that I require tls validation? I wanted to be safe, and
> I felt like this was possible as I control both ends of the connection.

Using smtps, the connection is encrypted. If you want to verify the client
cert for full validation, that's also possible using 'verify'.
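As an added illustration (not from either poster), the two ends of the relay above rewritten so that each side verifies the other's certificate. The pki name "blackblock", the port and the addresses are from the thread; the ca name "relay-ca", the client pki name "sender" and the file paths are assumptions.

```conf
# Added example, not the configuration from the thread.
# Certificates: "blackblock" is the thread's pki name, the rest is assumed.
pki blackblock cert "/etc/ssl/blackblock.crt"
pki blackblock key "/etc/ssl/private/blackblock.key"
pki sender cert "/etc/ssl/sender.crt"
pki sender key "/etc/ssl/private/sender.key"
ca relay-ca cert "/etc/ssl/relay-ca.crt"

# Receiving side. "smtps" is implicit TLS: the session is encrypted from the
# first byte, no STARTTLS negotiation, so "tls"/"tls-require" are not needed.
# "verify" additionally demands a client certificate issued by "ca relay-ca";
# "hostname" selects the name announced and, via "pki", the cert presented.
listen on $ip6 port 10027 smtps pki blackblock ca relay-ca verify hostname blackblock.22decembre.eu

# Sending side. The smtps:// scheme already gives implicit TLS; "pki" is the
# client certificate offered to the listener above and "ca" the CA used to
# check the server certificate instead of the system bundle.
action "relay" relay host smtps://blackblock.22decembre.eu:10027 pki sender ca relay-ca src 2603:c026:306:9211::300
```

Without "verify" on the listener any client that can reach port 10027 gets an encrypted but unauthenticated session, which is the gap the original poster was asking about.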
