smtpd_tls_CApath etc - needed?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

smtpd_tls_CApath etc - needed?

Dominic Raferd
My mail servers, with LetsEncrypt certificates, seem to be working
perfectly (sending to, and receiving from, the world), but I have
never set any of:

smtp_tls_CAfile
smtp_tls_CApath
smtpd_tls_CAfile
smtpd_tls_CApath
tls_append_default_CA

Should I be setting any of these?
Reply | Threaded
Open this post in threaded view
|

Re: smtpd_tls_CApath etc - needed?

Viktor Dukhovni
On Wed, Sep 23, 2020 at 09:48:28AM +0100, Dominic Raferd wrote:

> My mail servers, with LetsEncrypt certificates, seem to be working
> perfectly (sending to, and receiving from, the world), but I have
> never set any of:
>
> smtp_tls_CAfile
> smtp_tls_CApath
> smtpd_tls_CAfile
> smtpd_tls_CApath
> tls_append_default_CA

Congratulations you have a working system that has not been tweaked
based on cargo-culting some random HOWTO.

> Should I be setting any of these?

No.

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: smtpd_tls_CApath etc - needed?

Dominic Raferd
On Thu, 24 Sep 2020 at 09:12, Viktor Dukhovni
<[hidden email]> wrote:

>
> On Wed, Sep 23, 2020 at 09:48:28AM +0100, Dominic Raferd wrote:
>
> > My mail servers, with LetsEncrypt certificates, seem to be working
> > perfectly (sending to, and receiving from, the world), but I have
> > never set any of:
> >
> > smtp_tls_CAfile
> > smtp_tls_CApath
> > smtpd_tls_CAfile
> > smtpd_tls_CApath
> > tls_append_default_CA
>
> Congratulations you have a working system that has not been tweaked
> based on cargo-culting some random HOWTO.
>
> > Should I be setting any of these?
>
> No.

Excellent, thank you Viktor!