
Postfix Mailing List Archive

From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Fri Dec 17 2004 - 13:58:45 EST


On Fri, Dec 17, 2004 at 01:21:27PM -0500, Victor Duchovni wrote:

> Asking for client certs with an empty CA list (unsetting smtpd_tls_CAfile),
> does not change the list of clients that fail. Not asking for client certs
> still leaves the Symantec NAVGW client failing, still waiting for evidence
> from the "Plesk" and qmail systems.
>

Not asking for client certs fixes the qmail and "Plesk" (also really
qmail) systems. The residual clients just lose when presented with
STARTTLS with or without client certificate requests.

So for now, I will need to selectively hide "STARTTLS" in the EHLO
response for some clients. If a client can't cope with client certs,
I am happy to forgo TLS with this client entirely, but if there is a
client or HELO control on ask_ccert, I could use that.

-- 
	Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
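
One way to do the selective hiding of STARTTLS described in this message, as an added example that is not part of the original post: Postfix 2.2 and later provide `smtpd_discard_ehlo_keyword_address_maps`, which withholds EHLO keywords per client address. The table path and the client addresses below are constructed placeholders, not values from the thread.

```cfg
# ---- /etc/postfix/main.cf (Postfix 2.2 or later) ----
# Each connecting client's IP address is looked up in this table; the
# lookup result is the list of EHLO keywords NOT announced to that client.
smtpd_discard_ehlo_keyword_address_maps =
    cidr:/etc/postfix/ehlo_discard.cidr

# Global discard list stays empty, so clients that do not match the
# table above continue to be offered STARTTLS.
smtpd_discard_ehlo_keywords =

# ---- /etc/postfix/ehlo_discard.cidr (path is an assumption) ----
# Constructed sample entries (RFC 5737 documentation addresses) standing
# in for clients that fail when offered STARTTLS.
192.0.2.25/32      starttls
198.51.100.0/28    starttls
```

Clients matched by the table deliver in cleartext, so keep each entry as narrow as the failing host requires. Run `postfix reload` after editing the cidr table so running smtpd processes pick up the change.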