Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: openssl3+postfix issue (ca md too weak)

On Mon, Nov 13, 2023 at 07:16:14PM -0800, Brian Buhrow wrote:
> 	Hello Taylor.  Just as a point of reference, smtp clients that connect to domains hosted by
> Microsoft, i.e. and any other domains that use their infrastructure for e-mail, will
> have to present a valid SSL certificate in order to submit mail to their smtp servers.  But
> that is a different issue than Manuel is describing, as I understand it.  I think he is saying
> that the server is presenting an SSL certificate that his client doesn't like when he tries to
> send mail to an external smtp server.  In that case, I agree with you, his client shouldn't be
> overly concerned about whether the server presented SSL certificate can be verified all the way
> down the verification chain.  I guess it's fine if it does the verification and puts a note in
> the headers, but it shouldn't stop mail from going out.

Actually, the client is using SMTP AUTH, so making sure he's sending the
auth credentials to the right SMTP server is critical.

Manuel Bouyer <>
     NetBSD: 26 ans d'experience feront toujours la difference

Home | Main Index | Thread Index | Old Index