You need to sign in or sign up before continuing.
Server certificate is used as client certificate too
The server certificate is also used as client certificate:
# grep -r 'smtpd_tls_' /etc/postfix/*
/etc/postfix/main.cf:smtpd_tls_CAfile =
/etc/postfix/main.cf:smtpd_tls_cert_file = /var/cert/domain.xyz/cert.pem
/etc/postfix/main.cf:smtpd_tls_key_file = /var/cert/domain.xyz/key.pem
...
# grep -r 'smtp_tls_' /etc/postfix/*
/etc/postfix/main.cf:smtp_tls_CAfile =
/etc/postfix/main.cf:smtp_tls_cert_file = /var/cert/domain.xyz/cert.pem
/etc/postfix/main.cf:smtp_tls_key_file = /var/cert/domain.xyz/key.pem
...
Do not configure client certificates unless you must present client TLS certificates to one or more servers. Client certificates are not usually needed, and can cause problems in configurations that work well without them. http://www.postfix.org/postconf.5.html#smtp_tls_cert_file
This seems to be an upstream bug: https://github.com/NixOS/nixpkgs/blob/e92b11d964d13991f5d62b3affec04c4fb03f110/nixos/modules/services/mail/postfix.nix#L775-L777
Upstream bug: https://github.com/NixOS/nixpkgs/issues/88817
Edited by Benjamin Asbach