Loading ...
Sorry, an error occurred while loading the content.

relaxed verification of certificate

Expand Messages
  • martin f krafft
    Hi, we are in the unfortunately position to have to use a mail relay who s MX record and certificate CN do not match, and never will. Thus, I have to configure
    Message 1 of 1 , Jul 1, 2006
    • 0 Attachment
      Hi,

      we are in the unfortunately position to have to use a mail relay
      who's MX record and certificate CN do not match, and never will.
      Thus, I have to configure the host with smtp_tls_per_site maps as
      MUST_NOPEERMATCH (or the new 'encrypt' policy, as opposed to verify
      or secure).

      Is it possible to just tell postfix about the expected name
      divergence?

      I think I can do this with 2.3 by specifying the match
      attribute. I could not get this to work yet, is my assumption
      correct though?

      Can I do this with postfix 2.1 (which is the default for Debian
      stable systems)? I tried using a transport map to map the MX to the
      actual host name, but apparently (or obviously) that's not being
      used.

      Thanks,

      --
      martin; (greetings from the heart of the sun.)
      \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

      spamtraps: madduck.bogus@...

      "all unser übel kommt daher,
      daß wir nicht allein sein können."
      -- schopenhauer
    Your message has been successfully submitted and would be delivered to recipients shortly.