Re: [SOGo] SMTP TLS verification

[nico...@hoeft.de]

Hi,

You could add the external hostname to /etc/hosts, which then would 
resolve to localhost again.


Alternatively, you could also make the non-TLS port bind on localhost 
only, in this way it isnt exposed externally (passing -o 
smtp_bind_address in master.cf).



Nicolas

Am 15.04.23 um 17:36 schrieb "Simon Wilson" (si...@simonandkate.net):
I see with SOGoSMTPServer that I can set 
"smtp://localhost:587/?tls=YES=allowInsecureLocalhost" - 
however this only works when the SMTP server is at localhost. I use a 
non-localhost SMTP server which uses Let's Encrypt certs for Postfix, 
but pinned to external domain names. Thus when using internal 
addressing for this server the certificate verification fails when 
submitted to by SOGo.


Is there a way to accept insecure non-localhost? Otherwise I have to 
open submission port externally and loop back to it, which is not a 
preferred option. 

[SOGo] SMTP TLS verification

["Simon Wilson"]

I see with SOGoSMTPServer that I can set 
"smtp://localhost:587/?tls=YES=allowInsecureLocalhost" - however 
this only works when the SMTP server is at localhost. I use a non-localhost 
SMTP server which uses Let's Encrypt certs for Postfix, but pinned to external 
domain names. Thus when using internal addressing for this server the 
certificate verification fails when submitted to by SOGo. 

Is there a way to accept insecure non-localhost? Otherwise I have to open 
submission port externally and loop back to it, which is not a preferred option.