[ngw] GWIA - SMTP & TLS Certificate Verification
dzanre.ngwlist at gmail.com
Thu Nov 1 08:47:18 UTC 2018
I’m pretty sure that GW cannot do this. Unless MF has a better workaround, I’d punt and use a Postfix front-end, which can require certificate verification, at least from their doc statements.
Danita Zanrè Tel: (720)319-8240 - Move Out of the Office
Tel: (720)319-7530 - Caledonia
On Nov 1, 2018 at 07:47:55 GMT+1, Marvin Huffaker <mhuffaker at redjuju.com> wrote:
> I have a customer with a GroupWise system.. Raytheon is one of their customers.
> Raytheon is beginning to enforce a new SMTP TLS policy for anybody that communicates with them regularly (Yet it appears it's on a per domain basis, so spammers and such wouldn't fall under this same policy)..
> Based on their requirement, just having a valid trusted 3rd party certificate isn't enough. They want the GroupWise server to be able to verify the certificate as well. To my knowledge, GroupWise does not now or has it ever had this capability. It just uses whatever certificate is presented without verification, which is why it works fine with self signed certs. And furthermore, I've never in my career seen an email server that requires certificate verification befor.
> So how could I accomplish this? This is what they want:
> "The Raytheon servers have been configured for TLS with certificate verification with the xxxxxxxxxxxx
> ( http://presidiocomponents.com/) domain. Once the xxxxxxxxxxxx sending servers for this domain have been configured to require TLS with certificate verification with the Raytheon domains, TLS will be fully setup.
> Raytheon domains:
> ngw mailing list
> ngw at ngwlist.com
More information about the ngw