Ok thanks. Guess I was looking too much into it. I intentionally raised the debug level to try to find this out. I normally run with it at 1.
Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Westfield State University
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Victor Duchovni
Sent: Wednesday, April 20, 2011 5:04 AM
Subject: Re: Problem with wildcard certificate
On Wed, Apr 20, 2011 at 12:29:27AM +0000, Casartello, Thomas wrote:
> Hello there. I recently just placed a new certificate into my postfix
> server. It is a wildcard certificate. The server's name is not covered
> by the wildcard common name, but it is covered by a subject alternative
> name in the cert. I have two versions of the same cert installed, one on
> a postfix server, one on a Microsoft Exchange system. I am using another
> postfix server to make the test connection. The certs are similar, same
> common name. However they have different keys, and the subject alternate
> names of the certs are different on the two servers.
> When I connect to the Exchange server using my postfix client server, I see this:
> Apr 19 20:15:08 mx2 postfix/smtp: setting up TLS connection to mail.wsc.ma.edu[188.8.131.52]:25
> Apr 19 20:15:08 mx2 postfix/smtp: mail.wsc.ma.edu[184.108.40.206]:25: TLS cipher list "ALL:+RC4:@STRENGTH"
Your TLS loglevel is set too high; use "1" or "0" for production.
> However when I connect to my other postfix server I get this:
> Apr 19 20:19:18 mx2 postfix/smtp: setting up TLS connection to mx1.wsc.ma.edu[220.127.116.11]:25
> Apr 19 20:19:18 mx2 postfix/smtp: Untrusted TLS connection established to mx1.wsc.ma.edu[18.104.22.168]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Since you have not configured certificate verification, Postfix negotiates
a certificateless anonymous cipher, when the remote server supports this.
> Trying to figure out why I'm getting untrusted when going from postfix
> to postfix but not from postfix to Microsoft. The difference I see is
> 20:19:18 mx2 postfix/smtp: SSL_connect:SSLv3 ...
You're trying to read low-level debug logs that are leading you astray.
> Any thoughts as to why the different behavior?
There is no practical security difference between "trusted" and
"untrusted". In both cases the certificate is unverified.
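Added example, not part of the original thread: a small parser for the one-line TLS summary that the Postfix SMTP client logs at smtp_tls_loglevel = 1, flagging sessions that used an anonymous (certificateless) cipher such as the ADH-AES256-SHA seen above. The sample log lines, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import re

# Matches the Postfix smtp(8) client summary line logged at smtp_tls_loglevel = 1.
# The PID in brackets is optional because some archives strip it.
TLS_LINE = re.compile(
    r"postfix/smtp(?:\[\d+\])?: (?P<status>\w+) TLS connection established to "
    r"(?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\]:(?P<port>\d+): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+) \((?P<bits>\d+)/\d+ bits\)"
)

# OpenSSL name prefixes for certificateless key exchange (anonymous DH / ECDH).
ANON_PREFIXES = ("ADH-", "AECDH-")


def parse_tls_line(line):
    """Return a dict describing the TLS session, or None for other log lines."""
    m = TLS_LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["bits"] = int(rec["bits"])
    # With an anonymous cipher the server sent no certificate at all,
    # so there was nothing for the client to check.
    rec["anonymous"] = rec["cipher"].startswith(ANON_PREFIXES)
    return rec


def summarize(lines):
    """Count sessions per (status, anonymous) pair across a log excerpt."""
    counts = {}
    for line in lines:
        rec = parse_tls_line(line)
        if rec:
            key = (rec["status"], rec["anonymous"])
            counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample lines (hostnames and addresses are placeholders).
SAMPLE = [
    "Apr 19 20:19:18 mx2 postfix/smtp[2211]: setting up TLS connection to mx1.example.org[192.0.2.10]:25",
    "Apr 19 20:19:18 mx2 postfix/smtp[2211]: Untrusted TLS connection established to mx1.example.org[192.0.2.10]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)",
    "Apr 19 20:15:08 mx2 postfix/smtp: Trusted TLS connection established to mail.example.org[192.0.2.20]:25: TLSv1 with cipher AES128-SHA (128/128 bits)",
]

if __name__ == "__main__":
    for (status, anon), n in sorted(summarize(SAMPLE).items()):
        print(f"{status:10} anonymous={anon!s:5} sessions={n}")
```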