On Tue, May 13, 2025 at 01:44:14PM +0200, Gregory Kohring via Postfix-users
wrote:
> > More likely misconfiguration, or perhaps some middlebox between you and
> > Gmail. Test with:
> >
> > $ posttls-finger -c -F /etc/ssl/cert.pem -lsecure -Lsummary
> > "[gmail-smtp-in.l.google.com]"
> > posttls-finger: Verified TLS connection established to
> > gmail-smtp-in.l.google.com[2404:6800:4003:c1c::1a]:25: TLSv1.3 with cipher
> > TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519MLKEM768
> > server-signature ECDSA (prime256v1) server-digest SHA256
> >
> > replacing "/etc/ssl/cert.pem" with whatever file name holds the trusted
> > root CAs on your system. Any middlebox on your end should not be able
> > to impersonate Gmail (unless it is a locally trusted CA).
> >
>
> posttls-finger -c -F /etc/ssl/certs/ca-certificates.crt -lsecure
> -Ldebug"[gmail-smtp-in.l.google.com]"
>
> returns
>
> posttls-finger: initializing the client-side TLS engine

I am assuming the missing space between the (not requested) -Ldebug and
the SMTP nexthop is an error in posting the command used. If that's all
the output you got, drop the "-c" and see what the remote server's EHLO
response is from your vantage.
--
Viktor.