Nice that this got marked resolved, when nothing got resolved.
After chasing certificate problems down for a week or so, I came to the following conclusions:
stop validating certificates when sending email to other mail servers.
current philosophy is to not send via TLS to any mail server who’s certificate
fails validation (expired, wrong domain, self-signed).
needs to change its philosophy to use any certificate send by a mail server to
Smartermail will send an email via plain text if TLS fails.
The Goal is to send as many emails with TLS as possible.
The receiving mail server sends a certificate to Smartermail to use for TLS
Smartermail should use that certificate NO MATTER WHAT to send TLS.
cares if the certificate is expired, for the wrong domain, or
self-signed? Smartermail should use that certificate to send via TLS. If
the certificate doesn’t validate, Smartermail turns around and send the email
ANYWAY, in PLAIN TEXT, which is the most UNSECURE way to send the email. It
doesn’t matter that the certificate could be fake, Smartermail is going to send
the email via plain text anyway.
came to this conclusion last night as I was chasing down certificate issues.
Use the following website:
domains: fortbendcountytx.gov and kohls.com
is a major department store and a government agency using self-signed
certificates. How is Smartermail ever going to send to self-signed
certificates via TLS if Smartermail doesn’t change their philosophy?
I have over 10,000 emails a day that could be send via TLS but aren’t because of Smartermail’s choice to validate the certificate. Please stop validating
I have opened a ticket on this issue.(16B-23999EDB-003C).