Hi all!
I have this on my relay host:
smtpd.conf:

    ca myCA cert "/path/to/myCA.pem"
    listen on egress port submission \
        tls-require verify \
        ca myCA

Now with that I expected that it'll only accept smtp clients that provide a certificate signed by myCA, but it turns out it accepts any certificate that is trusted based on the default /etc/ssl/certs.pem file.
Besides (re)moving the stock certs file or any other intrusive/ugly workaround, is there any way I could force a CA for those connections?
Thanks for any hints,
Dani
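
Added example, not part of the original post and not OpenSMTPD code: an offline OpenSSL lab that models the two trust stores in question, the pinned myCA file alone versus myCA plus other roots, and reports which client certificates each accepts. The names otherCA, good-client, stray-client and pinned-plus-bundle.pem are constructed for illustration; it assumes OpenSSL 1.1.0 or later with its default openssl.cnf.

```sh
#!/bin/sh
# Added example. All CAs and certificates are throwaway, constructed here.
make_ca() {    # $1 = CA name -> $1.key, $1.pem (self-signed)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_client() {    # $1 = issuing CA name, $2 = client name -> $2.key, $2.pem
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# True only if certificate $2 chains to a CA in file $1.
# -no-CApath keeps OpenSSL's default certificate directory out of the decision.
accepted_by() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Builds the lab in a temp dir and prints one line per check:
#   "<trust store> <client> accept|reject"
run_lab() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        make_ca myCA && make_ca otherCA || exit 1
        issue_client myCA good-client || exit 1
        issue_client otherCA stray-client || exit 1
        # Stand-in for the system bundle: a CA the operator did not choose.
        cat myCA.pem otherCA.pem > pinned-plus-bundle.pem
        for store in myCA.pem pinned-plus-bundle.pem; do
            for c in good-client stray-client; do
                if accepted_by "$store" "$c.pem"; then r=accept; else r=reject; fi
                echo "$store $c $r"
            done
        done
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

run_lab
```

The "myCA.pem stray-client" row is the result expected from a listener pinned to myCA; the "pinned-plus-bundle.pem stray-client" row models the observed behaviour, where other trusted roots also count.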