Re: tls no-verify
On 4 July 2019 16:04, "Henry Jensen" wrote:
>
> I see. Is this the default behavior? I noticed that
>
> action "relay" relay host smtp://my.internal.server tls no-verify
>
> and
>
> action "relay" relay host smtp://my.internal.server
>
> (opportunistic TLS) leads to the same result: the mail is transferred using
> TLS. Only when I use
>
> action "relay" relay host smtp://my.internal.server tls
>
> an error occurs "reason=SSL certificate check failed".
>

no the default behaviour is opportunistic tls, so it'll do tls no-verify but will fall back to plaintext if no tls is available.

tls no-verify won't hard fail if certificate is invalid, but it won't go to plaintext either.

--
Gilles Chehade
https://www.poolp.org @poolpOrg

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

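An added example, not part of the original thread and not OpenSMTPD code: a small Python audit that reads smtpd.conf text and reports which of the three relay forms discussed in the message above each relay action uses, so relays that do not enforce certificate validation stand out. It assumes only the `smtp://` URLs and the `tls` / `tls no-verify` keywords quoted in the thread; the sample config and the action names "a", "b", "c" are constructed.

```python
import shlex

# Constructed sample: the three relay forms quoted in the thread, one action each.
SAMPLE_CONF = '''\
action "local" mbox alias
action "a" relay host smtp://my.internal.server
action "b" relay host smtp://my.internal.server tls no-verify
action "c" relay host smtp://my.internal.server tls
match for local action "local"
'''

POSTURE = {  # wording follows the behaviour described in the reply above
    "opportunistic": "TLS if offered, certificate not enforced, plaintext fallback",
    "tls-no-verify": "TLS required, invalid certificate accepted, no plaintext",
    "tls-verify": "TLS required, certificate must validate",
}

def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def classify(opts):
    """Map the option tokens of one relay action to a posture name."""
    if "tls" not in opts:
        return "opportunistic"
    nxt = opts[opts.index("tls") + 1:][:1]
    return "tls-no-verify" if nxt == ["no-verify"] else "tls-verify"

def audit(text):
    """Return [(line_no, action_name, posture)] for every relay action."""
    out = []
    for n, line in logical_lines(text):
        tok = shlex.split(line, comments=True)  # drops '#' comments
        if len(tok) >= 3 and tok[0] == "action" and tok[2] == "relay":
            out.append((n, tok[1], classify(tok[3:])))
    return out

if __name__ == "__main__":
    for n, name, posture in audit(SAMPLE_CONF):
        print("ok  " if posture == "tls-verify" else "WEAK", n, name, POSTURE[posture])
```
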
Re: tls no-verify
On Thu, 4 Jul 2019 13:33:54 +0200 Gilles Chehade wrote:

> On Thu, Jul 04, 2019 at 01:29:43PM +0200, Henry Jensen wrote:
> > However, when relaying to that server I get such messages in the log,
> > despite "tls no-verify" is set:
> >
> > smtp-out: Server certificate verification failed on session 3ba547f4f7b77d56c
> >
> >
> > What am I doing wrong?
> >
>
> nothing
>
> no-verify only means that if certificate does not validate, connection
> will be dropped, the log will still be visible.

I see. Is this the default behavior? I noticed that

action "relay" relay host smtp://my.internal.server tls no-verify

and

action "relay" relay host smtp://my.internal.server

(opportunistic TLS) leads to the same result: the mail is transferred using TLS. Only when I use

action "relay" relay host smtp://my.internal.server tls

an error occurs "reason=SSL certificate check failed".

Re: tls no-verify
On Thu, Jul 04, 2019 at 01:29:43PM +0200, Henry Jensen wrote:
> Greetings,
>
> using OpenBSD 6.5 with OpenSMTPD which forwards to an internal mail
> server which uses an internal certificate.
>
>
> from smtpd.conf:
> action "local" mbox alias
> action "relay" relay host smtp://my.internal.server tls no-verify
>
> match for local action "local"
> match for any action "relay"
>
>
> However, when relaying to that server I get such messages in the log,
> despite "tls no-verify" is set:
>
> smtp-out: Server certificate verification failed on session 3ba547f4f7b77d56c
>
>
> What am I doing wrong?
>

nothing

no-verify only means that if certificate does not validate, connection will be dropped, the log will still be visible.

--
Gilles Chehade
@poolpOrg
https://www.poolp.org
patreon: https://www.patreon.com/gilles

tls no-verify
Greetings,

using OpenBSD 6.5 with OpenSMTPD which forwards to an internal mail server which uses an internal certificate.

from smtpd.conf:
action "local" mbox alias
action "relay" relay host smtp://my.internal.server tls no-verify

match for local action "local"
match for any action "relay"

However, when relaying to that server I get such messages in the log, despite "tls no-verify" is set:

smtp-out: Server certificate verification failed on session 3ba547f4f7b77d56c

What am I doing wrong?

Kind Regards,
Henry