[BlueOnyx:24000] Re: 5210R Updates: Postfix, SNI for Email and Maildir
Michael Stauber
mstauber at blueonyx.it
Mon Jun 15 03:34:23 -05 2020
Hi Felix,
> Then something else is not functioning. The DNS record for mail is there. We
> then created a new Let's Encrypt certificate with mail.Vsite added, but to
> no avail, users are still asked to accept the certificate ....
It's possible that their email client doesn't support SNI.
To verify that SNI works try this from a Linux shell. Assuming the name
of the Vsite is "mail.vsite.com" run this:
openssl s_client -connect mail.vsite.com:25
-starttls smtp|grep -E "CN =|Verification:"
That should tell you if Postfix reported back with the correct
certificate for mail.vsite.com and if the result was "Verification: OK".
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list