Please do not top-post your replies. Thank you. On Wed, Jun 09, 2010 at 10:22:16AM +0200, Jan C. wrote: > thanks for your answer but that does not answer by question. Is the > /etc/ssl/certs directory loaded also by default ? I did the test:
Postfix postconf(5) defaults can be shown with the postconf(1) tool: $ /usr/sbin/postconf -d smtp_tls_CApath smtp_tls_CApath = Defaults are also documented as much as possible in the postconf(5) man page; every defined setting has its own hyperlink in the HTML version, as such: postconf.5.html#smtp_tls_CApath > smtp_tls_CApath = /foo/bar > I added/hashed some certs in /foo/bar > > When postfix connects to a smtp server (tls verify), certificates > issued by CAs from /etc/ssl/certs AND from /foo/bar are trusted. Do > you confirm this ? Um, no. By default Postfix is not going to use TLS at all. When activated, by default, no certificate verification is done at all. Consult your distributor's package documentation if they have set different defaults. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header