On Sat, Mar 11, 2023 at 11:43:35PM +0100, Vincent Lefevre wrote: > On 2023-03-11 05:13:36 +0800, Jeremy Ardley wrote: > > I just checked the headers of this mail as received from the list. I was a > > bit surprised (pleasantly) to see debian is using IPv6 mail services. > > > > The headers show my dual stack edge router/mailer used an IPv6 connection to > > Bendel rather than an IPv4 connection. > > > > Received: from edge.bronzemail.com (2403-5800-c000-1b7-f3d4-d970-ca28-bf4f.ip6.aussiebb.net [IPv6:2403:5800:c000:1b7:f3d4:d970:ca28:bf4f]) > > (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) > > key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) > > (Client did not present a certificate) > > by bendel.debian.org (Postfix) with ESMTPS id 79E372070F > > for <debian-user@lists.debian.org>; Fri, 10 Mar 2023 21:04:57 +0000 (UTC) > > > > (Now to figure out why 'client did not present a certificate'. The > > edge router/mailer has a letsencrypt certificate, so I guess I'll > > have to tweak postfix a bit.) > > Possibly due to IPv6, which yields the > 2403-5800-c000-1b7-f3d4-d970-ca28-bf4f.ip6.aussiebb.net > hostname, which is different from IPv4? > > But what's the point of a certificate in this particular case > (the server bendel.debian.org does not need to authenticate > the client)? It is just part of the TLS protocol. You might configure your mail server to present a certificate to its peers. The usual TLS stuff, just wrapping SMTP. Cheers -- t
Attachment:
signature.asc
Description: PGP signature