|Main Archive Page > Month Archives > postfix-users archives|
On Tue, May 13, 2014 at 02:04:19PM +0200, Simon Effenberg wrote:
> May 13 13:58:10 mail postfix/smtp: Untrusted TLS connection
> established to my.mailserver.de[220.127.116.11]:25: TLSv1.2 with cipher
> AECDH-AES256-SHA (256/256 bits)
The connection is actually "Anonymous" as evidenced by the cipher-suite
(AECDH-AES256-SHA). So no certificate is exchanged at all.
The logging is misleading, it should say "Anonymous" rather than
"untrusted". This is fixed in 2.11.1 and 2.12 snapshots.
Anonymous connections are the norm when both ends are Postfix and
the client TLS security level (policy) is "may".
If you want authentication of this destination, you need to use a
security level that demands authentication, one of: