On 2025-12-12 18:46, Greg Klanderman via Postfix-users wrote:
> I had been planning to get a real certificate when I upgrade the OS
> and postfix.. I'll see if that resolves the issue.  Probably look into
> DANE/etc as well.  I've got a pretty long list of deferred TLC...

Your self-signed certificate is real.

As pointed out by Bill, the
>> Subject CN in the cert offered by smtp.klanderman.net is 
>> smtp2.klanderman.net and it includes no Subject Alternate Name field

That would be something to sort out.

> The other one I guess I can wait a month and see if they have sorted
> themselves out by my next statement.. but in that case I'm currently
> losing mail I want so even if not technically my problem, I would like
> to do something about it sooner than later if it continues..

I wonder if someone could enlighten me as to whether enabling DANE would
solve this for a self-signed certificate, or if a CA is a must in case
someone configures a server with `smtp_tls_security_level = verify` (in
case of Postfix - I reckon that is what possibly is going on here?).

    Edmund


-- 
Edmund Lodewijks <[email protected]>
TZ: UCT+2 / GMT+2
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
