On Thu, Feb 20, 2014 at 07:23:19PM +0100, Andreas Metzler wrote:
> - The hostname in the certificate does NOT match 'mail1.merlins.org'
> verify error:num=10:certificate has expired
> notAfter=Jan 25 21:52:08 2014 GMT
With opportunistic TLS, none of this *should* matter. The SMTP
client completed the handshake and used the encrypted channel to
send EHLO and QUIT.
Of course it is possible that some SMTP clients apply certificate
expiration checks and/or name checks even for opportunistic TLS,
but they would have trouble sending email to a lot more domains
than merlins.org.
--
Viktor.
