TLS in postfix SMTP client

DreamHost changed SSL cert for mail once again.

There is a tricky way of adding CA certificates into Linux system’s certs repository:

  1. Put CA certificates in /usr/local/share/ca-certificates/, and NOT the system directory /usr/share/ca-certificates/
  2. run update-ca-certificates to update the compiled list of CA certificates.
  3. Add the path to /etc/postfix/main.cf :
    smtp_tls_CApath = /etc/ssl/certs

… but I was too lazy to pursue that way to the end, so I ended up just updating the fingerprint for use by the postfix SMTP client.

Steps to add (update) fingerprint checking to Postfix SMTP client:
Read More