>> Thank you for the answers. I'm reading the documentation and we need to
>> adjust the smtp_tls_CAfile indeed. I will adjust this as soon as
>> possible and I will report the result here.
>
> I am curious why with opportunistic TLS (security level may), you're
> bothering to take any action to tweak the entirely cosmetic certificate
> path validation status?

What about parsing the maillog and adding those trusted servers to a table in order to enforce a higher TLS level for future requests? Or just to be informed a previously trusted server cannot establish trusted connections anymore.

Best regards
Gerald
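
The second idea above (being told when a previously trusted server stops validating), as an added example that is not part of the original message. It assumes the one-line TLS summary the Postfix SMTP client logs at smtp_tls_loglevel = 1; the function name and the sample log lines are constructed for illustration.

```python
import re

# Summary line written by the Postfix SMTP client, e.g.
# "postfix/smtp[123]: Trusted TLS connection established to host[addr]:25: ..."
TLS_LINE = re.compile(
    r"postfix(?:-[^/\s]+)?/smtp\[\d+\]: "
    r"(?P<status>Anonymous|Untrusted|Trusted|Verified) TLS connection "
    r"established to (?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\]:(?P<port>\d+)"
)
TRUSTED = {"Trusted", "Verified"}  # certificate chain validated

def trust_regressions(lines):
    """Return (regressions, still_trusted) for an iterable of log lines.

    regressions   -- (host, previous_status, new_status) each time a server
                     goes from a trusted status to an untrusted one
    still_trusted -- servers whose most recent connection was trusted
    """
    last = {}          # host -> status of the most recent connection
    regressions = []
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue   # not a TLS summary line
        host, status = m["host"].lower(), m["status"]
        if status not in TRUSTED and last.get(host) in TRUSTED:
            regressions.append((host, last[host], status))
        last[host] = status
    still_trusted = sorted(h for h, s in last.items() if s in TRUSTED)
    return regressions, still_trusted

# Constructed sample input (documentation hostnames and addresses).
SAMPLE_LOG = """\
Jan 10 09:00:01 mta postfix/smtp[2101]: Trusted TLS connection established to mx.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 09:05:12 mta postfix/smtp[2107]: Untrusted TLS connection established to mx.example.com[198.51.100.7]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 09:07:40 mta postfix/smtp[2110]: Verified TLS connection established to mail.example.org[203.0.113.5]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 09:08:02 mta postfix/qmgr[901]: 4F1A2C0: removed
Jan 11 10:15:33 mta postfix/smtp[3310]: Untrusted TLS connection established to mx.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 11 10:20:47 mta postfix/smtp[3312]: Untrusted TLS connection established to mx.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
""".splitlines()

if __name__ == "__main__":
    regressed, trusted = trust_regressions(SAMPLE_LOG)
    for host, before, after in regressed:
        print(f"ALERT {host}: {before} -> {after}")
    print("currently trusted:", ", ".join(trusted))
```

The names in these log lines are MX hostnames, while smtp_tls_policy_maps is looked up by next-hop destination, so the trusted list is a starting point for a policy table rather than a ready-made one.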
