Phil Pennock wrote:
> Re-reading your mail, I think that "it" in "when it sends mail" is
> perhaps unclear; so, this is the log-files of remote servers, when
> sending mail to the machine with the self-signed cert, reports the DN,
> but when sending mail to the machine with the externally-issued cert,
> this isn't reported?
>
Given servers A and B, A has a real cert, B has a self-signed. Mail
sent via host B to A results in the self-signed cert's details being
displayed in the logs on A. Mail sent via server A to B in the same
manner gives nothing in server B's logs.
> What's the value of tls_advertise_hosts on the new box?
Both servers have "*".
> Did you get
> fancy and enable it for submission service and not for port 25? Eg, my
> default setting boils down to:
> tls_advertise_hosts = ${if =={$received_port}{587}{*}{}}
>
Nope, just port 25.
> You're looking on identical hosts, both have +tls_peerdn in the
> log_selector?
>
Yes.
> Which library is used on the remote machines? Has that changed
> recently?
>
They both have openssl installed, so I would guess that.
--
Martin A. Brooks | http://www.antibodymx.net/ | Anti-spam & anti-virus
Consultant | martin@??? | filtering. Inoculate
antibodymx.net | m: +447792493388 | your mail system.
