Bonjour,
J'aimerais comprendre cette ligne de log :
Code :
- Oct 14 11:05:07 smtpsash01 postfix/smtp[16257]: certificate verification failed for DOMAINE.FR[xx.xx.xx.xx]:25: self-signed certificate
Plus particulièrement, j'aimerais comprendre pourquoi le message indique "certificate verification failed".
Voici une partie de main.cf
------------------------------------------------------------------------------------------------------------------------
######################################################
## TLS encryption parameter definitions             ##
######################################################
# Smtp ( OUTGOING )
# Log level 1 records a summary of each TLS handshake, including the
# certificate verification result for the remote server.
smtp_tls_loglevel = 1
# "may" = opportunistic TLS: the client encrypts when the peer offers STARTTLS
# but does not require a trusted certificate. A "certificate verification
# failed ... self-signed certificate" entry at this level reports that the peer
# could not be authenticated; it does not by itself mean delivery was refused.
# Peer authentication needs a stricter level (e.g. "verify"/"secure" or DANE)
# plus trust anchors.
smtp_tls_security_level = may
# NOTE(review): disabled, so no CA trust anchors are configured for the client
# in this excerpt. The file name suggests a private key rather than a PEM
# bundle of CA certificates, which is what smtp_tls_CAfile expects - confirm
# before re-enabling.
#smtp_tls_CAfile = /configuration/ssl/smtp.mondomaine.fr.pass.key
# NOTE(review): naming a protocol without "!" turns the list into an allow-list,
# so "TLSv1" here likely restricts the client to TLS 1.0 and rules out
# TLS 1.1/1.2 - confirm with "postconf" and the Postfix/OpenSSL versions in use.
smtp_tls_protocols = !SSLv2, !SSLv3, TLSv1
# The *_mandatory_* settings apply only when TLS is mandatory ("encrypt" or
# stronger); with "may" above, the opportunistic settings are the ones used.
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1
smtp_tls_mandatory_ciphers = high
# Ciphers and cipher classes excluded at every security level.
# NOTE(review): "EDH-RSA-DES-CDC3-SHA" and "KRB5-DE5" look like typos
# (presumably "...CBC3-SHA" and a "KRB5-DES..." name); a misspelled token would
# not exclude anything - verify against "openssl ciphers".
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
# Smtpd ( INCOMING )
smtpd_tls_loglevel = 1
# Legacy switch; smtpd_tls_security_level below supersedes it on Postfix >= 2.3.
smtpd_use_tls = yes
# STARTTLS is offered to clients but not required.
smtpd_tls_security_level = may
# Records the negotiated protocol and cipher in the Received: header.
smtpd_tls_received_header = yes
# NOTE(review): same allow-list concern as smtp_tls_protocols above - this
# likely limits inbound sessions to TLS 1.0.
smtpd_tls_protocols = !SSLv2, !SSLv3, TLSv1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = high
# NOTE(review): same suspected typos as in smtp_tls_exclude_ciphers.
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
#smtpd_tls_CAfile = /configuration/ssl/DigiCertCA.crt
# Server certificate and its private key. Postfix needs the key unencrypted
# ("nopass"), so file permissions are what protect it: keep it readable by
# root only.
smtpd_tls_cert_file = /configuration/ssl/smtp.mondomaine.fr.crt
smtpd_tls_key_file = /configuration/ssl/smtp.mondomaine.fr.nopass.key
# "ultra" selects the curve named by tls_eecdh_ultra_curve for ephemeral ECDH.
smtpd_tls_eecdh_grade = ultra
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp521r1
# The server's cipher preference order takes precedence over the client's.
tls_preempt_cipherlist = yes
# Entropy source used to seed the TLS pseudo-random number generator.
tls_random_source = dev:/dev/urandom
# TLS session caches (client, server, LMTP client) to allow session reuse.
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
lmtp_tls_session_cache_database = btree:${data_directory}/lmtp_scache
smtpd_tls_session_cache_timeout = 3600s
##################################
## SASL connection parameters   ##
##################################
# NOTE(review): SASL AUTH is enabled while inbound TLS is only optional, and
# this excerpt does not show smtpd_tls_auth_only. Unless it is set elsewhere,
# AUTH may be offered on unencrypted sessions, exposing plaintext-mechanism
# credentials on the wire - confirm.
smtpd_sasl_auth_enable = yes
# Legacy name (Postfix 2.1/2.2) for what smtpd_sasl_path configures below.
smtpd_sasl_application_name = smtpd
smtpd_sasl_path = smtpd
# Reject anonymous SASL mechanisms; the same policy is reused inside TLS.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_local_domain = $mydomain
# Do not record the authenticated SASL login name in the Received: header.
smtpd_sasl_authenticated_header = no
# Also advertise AUTH in the non-standard "AUTH=" form for legacy clients.
broken_sasl_auth_clients = yes
------------------------------------------------------------------------------------------------------------------------
Merci d'avance pour votre aide.