On Mon, Sep 25, 2023 at 10:47:44PM +0200, A. Schulze via Postfix-users wrote:
> If operating SMTP clients with a client certificate is so dangerous
> and has no value, why would google go that?
Not, dangerous, just largely pointless, with *potential* complications,
unless there are servers that can actually make use of said
certificates.
In the case of Google's outbound SMTP, perhaps various servers in fact
do verify their client certificates.
Or perhaps the TLS layer used by Gmail was configured with the same
certs inbound and outbound without much analysis as to whether both are
required. If the certs are always available and current, they'll
generally just go unused without getting in the way. More pointless
than harmful.
> ยน) grep 'Trusted TLS connection established from' /var/log/mail | grep
> '.google.com\['
That won't do any good on my end, my SMTP server does not request client
certificates. :-)
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
