This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

One question regarding reciepient verification

Hi

 

My first post here. I have noticed that if i use 636 port and ssl verification against AD in email verification it is not working. If i change to 389 without ssl it starts in a moment. I am on:9.605-1. Any idea? I would not like to change, because also sslvpn uses same query.

 



This thread was automatically locked due to age.
Parents Reply Children
  • Hi  

    Would you please create a case with Sophos Support? Once the case has been created, please message me the case number.

    Regards

    Jaydeep

  • I have solved problem with option 2:

     

    Option 1: Switch to non encrypted LDAP connections or recipient verification with callout. Option 2: Add the following line to /var/chroot-smtp/etc/openldap/ldap.conf TLS_REQCERT allow According to linux.die.net/.../ldap.conf : TLS_REQCERT <level>  Specifies what checks to perform on server certificates in a TLS session, if any. The <level> can be specified as one of the following keywords: ... allow  The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session proceeds normally.

    NUTML-11946

  • Is it therefore appropriate to conclude that when SMTP Proxy uses secure LDAP, it performs certificate verification by default, while the  authentication services do not?   So the third option would be to use a valid CA certificate.