Client did not present a certificate (Postfix)

David A asked:

I have postfix SMTP relay which have been configured with TLS option. Now just realized when sending email to gmail (for example) using Microsoft outlook,found out this “Client did not present a certificate” on the recipient’s mail header

Received: from MYCOMPUTER (unknown []) (using TLSv1.2 with cipher (256/256 bits)) (Client did not present a certificate) by (Postfix) with ESMTPSA id ABCDE12345 for [email protected]

I am using purchased wildcard SSL cert from Comodo.

May I know why? Did I configure wrongly?

Please help

smtpd_tls_security_level = may
smtp_tls_security_level = may
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = yes

smtpd_tls_key_file = /etc/postfix/certs/key.key
smtpd_tls_cert_file = /etc/postfix/certs/crt.crt
smtpd_tls_CAfile = /etc/postfix/certs/

smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_ask_ccert = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes

My answer:

You’ve configured Postfix to ask connecting SMTP clients for a client certificate.

 smtpd_tls_ask_ccert = yes

It’s not clear why you have done this, as this is not what you said you want. Perhaps it came from an erroneous Internet tutorial?

In any case, you should be able to remove this line to cause the warning to go away.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.