I am new to managing a mail server, but since I am a Java programmer I
wanted software that was easy to adapt to my needs, so when I found
Apache James it fit like a glove.
On my journey to put it into production I found a lot of problems which
I could resolve, for example (understand that I was new) SPF, DKIM,
setting the correct EHLO name and similar. But the ones I am not sure I
have to resolve on my side are those involved with TLS
communication. My server logs different failures like:
* unable to find valid certification path to requested target
* Can't verify identity of server: <domain server here>
* Certificate expired
Checking those certs on the target mail servers, I found that they are
too old or self-signed. That of course means a configuration problem,
but they've been running for months, even years; if they weren't
receiving mail they would have corrected it, right? So for them
to keep that bad config means other servers bypass those native cert
restrictions and send emails anyway.
So my question is: do I need to do that too? This would mean defeating
the nature of certs, so if it has to be this way, why be concerned about
implementing TLS? Just for encryption? I set the remote delivery config
of verifyServerIdentity to false to bypass one kind of error, but what
about the others? What do you recommend I do?
Thanks for your time.