Postscipt: AMaViSd-new TLS Support Question

Klaus Tachtler klaus at tachtler.net
Sun Oct 25 07:49:00 CET 2015


Hi,

if I enable at /etc/amavisd/amavisd.conf:

$tls_security_level_out = 'may';

I got following WARNING inside my /var/log/maillog from AMaViSd-new:

Oct 25 07:32:34 server70 amavis[5115]: (05115-01) _WARN:  
*******************************************************************\n  
Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client\n  
is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER\n  
together with SSL_ca_file|SSL_ca_path for verification.\n If you  
really don't want to verify the certificate and keep the\n connection  
open to Man-In-The-Middle attacks please set\n SSL_verify_mode  
explicitly to SSL_VERIFY_NONE in your  
application.\n*******************************************************************\n  at /usr/sbin/amavisd line  
8392.

Maybe there are some problems on CentOS-7 with the defaults for SSL at  
IO::Socket::SSL ...?

Sorry, I'm not a perl programmer...

> Hi,
>
> is there a possibility to ENABLE TLS connection between Postfix and  
> AMaViSd-new, because
> my Postfix and the AMaViSd-new NOT on the same HOST.
>
> Postfix --> smtpd_proxy-filter OR content_filter with TLS --> AMaViSd-new
>
> I found some parameter at /etc/amavisd.conf, who arouse my interest:
>
> # $tls_security_level_in = undef;  # undef, 'may', 'encrypt', ...
> # $smtpd_tls_cert_file = undef;
> # $smtpd_tls_key_file = undef;
>
> Thank you!
> Klaus.

Thanks for the help!
Klaus.



--

------------------------------------------
e-Mail  : klaus at tachtler.net
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------



More information about the amavis-users mailing list