On Wed, Jul 15, 2009 at 3:07 PM, Victor Duchovni < victor.ducho...@morganstanley.com> wrote:
> On Wed, Jul 15, 2009 at 02:33:46PM -0400, Linux Addict wrote: > > > I ran openssl test command that you provided and doesn't look like my > cert > > config is good. > > > > > > [r...@mx01 ~]# openssl s_client -starttls smtp -connect localhost:25 > > CONNECTED(00000003) > > --- > > Certificate chain > > 0 s:/C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX > > i:/C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX > > --- > > No client certificate CA names sent > > --- > > SSL handshake has read 1595 bytes and written 350 bytes > > --- > > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA > > Server public key is 1024 bit > > --- > > 220 XXX ESMTP > > This is exactly what you would expect. Everything is working fine. > > -- > Viktor. > > Disclaimer: off-list followups get on-list replies or get ignored. > Please do not ignore the "Reply-To" header. > > To unsubscribe from the postfix-users list, visit > http://www.postfix.org/lists.html or click the link below: > <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> > > If my response solves your problem, the best way to thank me is to not > send an "it worked, thanks" follow-up. If you must respond, please put > "It worked, thanks" in the "Subject" so I can delete these quickly. > I am reading TLS page on postfix and here http://www.state-of-mind.de/assets/postfix_tls.pdf. I have one last question. What I am trying to setup is, I have set of hosts in LAN which use postfix relay servers in DMZ to send (secure) mails to one of our external client. The external client insists on using verisign cert. On this scenario my postfix server will send mails to the external client's server, so should I configure the Client Certificate on my postfix. Thank you,
