On 26 March 2013 10:53, Marko Weber | ZBF <we...@zackbummfertig.de> wrote: > > > Am 2013-03-26 10:30, schrieb Reindl Harald: >> >> Am 26.03.2013 09:44, schrieb Marko Weber|ZBF: >>> >>> Mar 25 14:04:35 mail postfix/smtpd[31103]: Untrusted TLS connection >>> established from >>> loninmrp15.uk.db.com[160.83.44.131]: TLSv1 with cipher DHE-RSA-AES256-SHA >>> (256/256 bits) >>> >>> why is on incoming mails the TLS connection untrusted? >> >> >> http://www.mailinglistarchive.com/postfix-users@postfix.org/msg57760.html > > > Hi Harald, > u seen that "outgoing" mails do "verified TLS connection?" > > i ask myself why the connection ist "UNTRUSTED" when this client sends to me > the connection is not "trusted" ? > > i use a valid thawte cert on my postfix server. > > i also set in smtpd_sender_restrictions that the client has to use TLS ... > "reject_plaintext_session", > when he delivers mails to me. > > on test from another machine, the TLS connection was also trusted. this > shows me that my certs on postfix server are valid and working.
When you connect to the deutsche bank server, your server is telling you that the connection is with the deutsche bank server. i.e. Trusted When the deutsche bank server connects to your server your server is telling you there is a connection from someone claiming to be deutsche bank. i.e. not trusted. Unless you can either give the deutsche bank server a key with which to identify themselves (and persuade them to use it), this will always be the case. Simon