Olaf Hering [05.08.2015 17:02]:
On Wed, Aug 05, Werner Flamme wrote:
edit /etc/postfix/main.cf so that it does. Maybe you can set smtpd_tls_cert_file to the same value, just to be sure. After the edit "rcpostfix reload" to notify postfix of the changes.
I do not have a certificate, not sure if I need one.
Now smtp_tls_cert_file is disabled, and smtp_enforce_tls changed from no to yes. With smtp_tls_loglevel=3 I see output like:
Aug 05 16:55:20 probook.fritz.box postfix/smtp[12522]: Verified TLS connection established to smtp.strato.de[2a01:238:20a:202:55f0::1133]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 05 16:55:20 probook.fritz.box postfix/smtp[12522]: 3E84B5085B: to=<olaf@aepfle.de>, relay=smtp.strato.de[2a01:238:20a:202:55f0::1133]:25, delay=0.59, delays=0.13/0.09/0.32/0.04, dsn=2.0.0, status=sent (250 2.0.0 queued as L0469dr75EtKBQL)
So its appearently working.
Olaf
Hi Olaf, you don't need a certificate. I recomment reading the client section of <http://www.postfix.org/TLS_README.html#client_tls> though :) ("Do not configure Postfix SMTP client certificates unless you must present client TLS certificates to one or more servers."). As default, smtp_tls_cert_file is empty. I never set smtp_enforce_tls to yes, since sometimes I have to communicate with servers that are not capable of TLS. smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtp_tls_security_level = may Regards, Werner --