Postscipt: AMaViSd-new TLS Support Question
Klaus Tachtler
klaus at tachtler.net
Sun Oct 25 07:49:00 CET 2015
Hi,
if I enable at /etc/amavisd/amavisd.conf:
$tls_security_level_out = 'may';
I got following WARNING inside my /var/log/maillog from AMaViSd-new:
Oct 25 07:32:34 server70 amavis[5115]: (05115-01) _WARN:
*******************************************************************\n
Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client\n
is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER\n
together with SSL_ca_file|SSL_ca_path for verification.\n If you
really don't want to verify the certificate and keep the\n connection
open to Man-In-The-Middle attacks please set\n SSL_verify_mode
explicitly to SSL_VERIFY_NONE in your
application.\n*******************************************************************\n at /usr/sbin/amavisd line
8392.
Maybe there are some problems on CentOS-7 with the defaults for SSL at
IO::Socket::SSL ...?
Sorry, I'm not a perl programmer...
> Hi,
>
> is there a possibility to ENABLE TLS connection between Postfix and
> AMaViSd-new, because
> my Postfix and the AMaViSd-new NOT on the same HOST.
>
> Postfix --> smtpd_proxy-filter OR content_filter with TLS --> AMaViSd-new
>
> I found some parameter at /etc/amavisd.conf, who arouse my interest:
>
> # $tls_security_level_in = undef; # undef, 'may', 'encrypt', ...
> # $smtpd_tls_cert_file = undef;
> # $smtpd_tls_key_file = undef;
>
> Thank you!
> Klaus.
Thanks for the help!
Klaus.
--
------------------------------------------
e-Mail : klaus at tachtler.net
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------
More information about the amavis-users
mailing list