relaxed verification of certificate

From: martin f krafft (postfix-users=postfix.orgmass.madduck.net)
Date: Sat Jul 01 2006 - 11:51:42 CDT


Hi,

we are in the unfortunate position to have to use a mail relay
whose MX record and certificate CN do not match, and never will.
Thus, I have to configure the host with smtp_tls_per_site maps as
MUST_NOPEERMATCH (or the new 'encrypt' policy, as opposed to verify
or secure).

Is it possible to just tell postfix about the expected name
divergence?

I think I can do this with 2.3 by specifying the match
attribute. I could not get this to work yet, is my assumption
correct though?

Can I do this with postfix 2.1 (which is the default for Debian
stable systems)? I tried using a transport map to map the MX to the
actual host name, but apparently (or obviously) that's not being
used.

Thanks,

--
martin; (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" netmadduck
 
spamtraps: madduck.bogusmadduck.net
 
"all our misery comes from this,
 that we cannot be alone."
                                                       -- schopenhauer

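Added example, not part of the original message: the per-site setting the post describes (TLS required, peer name not checked) beside a Postfix 2.3 policy-table entry that pins the certificate name the relay is expected to present, using the match attribute. The next-hop domain example.com, the certificate name relay.example.net and all file paths are placeholders.

```cfg
# ---- Postfix 2.1/2.2 style: encryption without a name check ----
# /etc/postfix/main.cf
smtp_tls_per_site = hash:/etc/postfix/tls_per_site

# /etc/postfix/tls_per_site
# TLS is mandatory, but the name in the certificate is not compared
# with anything, so any server able to complete the handshake for this
# destination is accepted.
example.com     MUST_NOPEERMATCH

# ---- Postfix 2.3 style: verify against the known certificate name ----
# /etc/postfix/main.cf
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
# CA that issued the relay's certificate (placeholder path).
smtp_tls_CAfile = /etc/postfix/relay-ca.pem

# /etc/postfix/tls_policy
# The lookup key is the next-hop destination. "secure" requires a
# trusted certificate chain, and match= replaces the default name
# check with the name the relay's certificate actually carries.
example.com     secure match=relay.example.net

# Rebuild the lookup table after editing it:
#   postmap /etc/postfix/tls_policy
```

With the second form, delivery is deferred if the relay presents a certificate for any other name or one that does not chain to the configured CA.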