Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 3 subscribers
  • Views 3337 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

One question regarding reciepient verification

Borut Zidaric

Hi

 

My first post here. I have noticed that if i use 636 port and ssl verification against AD in email verification it is not working. If i change to 389 without ssl it starts in a moment. I am on:9.605-1. Any idea? I would not like to change, because also sslvpn uses same query.

 



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Jaydeep

    I have solved problem with option 2:

     

    Option 1: Switch to non encrypted LDAP connections or recipient verification with callout. Option 2: Add the following line to /var/chroot-smtp/etc/openldap/ldap.conf TLS_REQCERT allow According to linux.die.net/.../ldap.conf : TLS_REQCERT <level>  Specifies what checks to perform on server certificates in a TLS session, if any. The <level> can be specified as one of the following keywords: ... allow  The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session proceeds normally.

    NUTML-11946

  • 0 in reply to Borut Zidaric

    Is it therefore appropriate to conclude that when SMTP Proxy uses secure LDAP, it performs certificate verification by default, while the  authentication services do not?   So the third option would be to use a valid CA certificate.

Unfiltered HTML