Centos – Client did not present a certificate (Postfix)

centos postfix ssl starttls

I have a Postfix SMTP relay which has been configured with the TLS option. I just realized that, when sending email to Gmail (for example) using Microsoft Outlook, this "Client did not present a certificate" appears in the recipient's mail header:

Received: from MYCOMPUTER (unknown [100.200.100.150]) (using TLSv1.2 with cipher (256/256 bits)) (Client did not present a certificate) by smtpserver.domain.com (Postfix) with ESMTPSA id ABCDE12345 for user@gmail.com

I am using a purchased wildcard SSL cert from Comodo.

May I know why? Did I configure it wrongly?

Please help

smtpd_tls_security_level = may
smtp_tls_security_level = may
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = yes

smtpd_tls_key_file = /etc/postfix/certs/key.key
smtpd_tls_cert_file = /etc/postfix/certs/crt.crt
smtpd_tls_CAfile = /etc/postfix/certs/cabundle.ca-bundle

smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_ask_ccert = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes

Best Answer

using TLSv1.2 with cipher (256/256 bits)

The server supports TLS and the client chose to negotiate a secure TLS connection; all is good there.

(Client did not present a certificate)

The client did not use a TLS client certificate to authenticate itself to the server for mutual TLS, which is very common and no reason to worry, unless you want/need to do mutual TLS.
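The two header comments discussed in the answer can also be read programmatically when auditing mail. The following is an added example, not part of the original question or answer: it classifies a Received: header by TLS and client-certificate status and flags it only when TLS is missing or mutual TLS is required but absent. The first sample is the header from the question; the other two are constructed, the verified-certificate and "not requested" comment wordings are assumed to follow Postfix's usual Received-header format, and the function names are hypothetical.

```python
import re

# Comment formats written by Postfix smtpd when smtpd_tls_received_header = yes.
TLS_RE = re.compile(
    r"\(using (?P<proto>\S+) with cipher\s+(?:(?P<cipher>[^\s()]+)\s+)?"
    r"\((?P<used>\d+)/(?P<avail>\d+) bits\)")
CERT_RE = re.compile(
    r'\(Client CN "(?P<cn>[^"]*)", Issuer "(?P<issuer>[^"]*)" '
    r"\((?P<result>verified OK|not verified)\)\)")

def classify(received):
    """Summarise the TLS comments in one Received: header (hypothetical helper)."""
    hdr = " ".join(received.split())          # unfold continuation lines
    out = {"tls": False, "protocol": None, "cipher": None, "bits": None,
           "client_cert": "n/a", "client_cn": None}
    m = TLS_RE.search(hdr)
    if not m:
        return out                            # plaintext hop or non-Postfix header
    out.update(tls=True, protocol=m["proto"], cipher=m["cipher"],
               bits=int(m["used"]), client_cert="unknown")
    c = CERT_RE.search(hdr)
    if c:
        out["client_cn"] = c["cn"]
        out["client_cert"] = "verified" if c["result"] == "verified OK" else "untrusted"
    elif "(Client did not present a certificate)" in hdr:
        out["client_cert"] = "requested-not-presented"   # server asked, client declined
    elif "(No client certificate requested)" in hdr:
        out["client_cert"] = "not-requested"
    return out

def needs_attention(result, require_mtls=False):
    """Flag only what matters: no TLS at all, or mutual TLS required but absent."""
    return not result["tls"] or (require_mtls and result["client_cert"] != "verified")

FROM_PAGE = ('Received: from MYCOMPUTER (unknown [100.200.100.150]) '
             '(using TLSv1.2 with cipher (256/256 bits)) '
             '(Client did not present a certificate) by smtpserver.domain.com '
             '(Postfix) with ESMTPSA id ABCDE12345 for user@gmail.com')
# Constructed samples (not from the page).
VERIFIED = ('Received: from relay.example.net (relay.example.net [192.0.2.10])\n'
            '\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n'
            '\t(Client CN "relay.example.net", Issuer "Example CA" (verified OK))\n'
            '\tby mx.example.org (Postfix) with ESMTPS id 0000000000')
PLAINTEXT = ('Received: from host.example.net (host.example.net [192.0.2.20]) '
             'by mx.example.org (Postfix) with ESMTP id 1111111111')

if __name__ == "__main__":
    for h in (FROM_PAGE, VERIFIED, PLAINTEXT):
        print(classify(h), needs_attention(classify(h)))
```

The cipher name is missing from the header as quoted in the question, so the parser treats it as optional and reports `None` for it.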
