Client did not present a certificate (Postfix)
Solution 1
using TLSv1.2 with cipher (256/256 bits)
The server supports TLS and the client chose to negotiate a secure TLS connection, all is good there.
(Client did not present a certificate)
The cliënt did not use a TLS client certificate to authenticate itself to the server for mutual TLS which is very common and no reason to worry, unless you want/need to do mutual TLS
Solution 2
You have only configured the use of a certificate for Postfix in the role of the server (i.e. receiving a mail). These are the smtpd_*
settings.
But the message you refer to is not about receiving mail by your server but about sending mail from your server to another server, i.e. receiving by the other server. In this case usually only the certificate of the receiving mail server gets checked (i.e. the other one) by the sending system (i.e. your Postfix), if TLS is involved at all (your setting considers this optional, i.e. smtp_tls_security_level = may
).
Some mail servers are configured to not only provide their own certificate for authentication by the sender (i.e. your Postfix) but also to request a certificate from the sender. This is usually optional, i.e. the TLS connection will be accepted even if the sender does not provide such a certificate to authenticate itself. And this is what caused the message "Client did not present a certificate".
If you really want to provide a client certificate you need to explicitly configure at in Postfix with the relevant smtp_*
settings (not smtpd_*
), i.e. smtp_tls_cert_file
etc. See the documentation for details.
Solution 3
You've configured Postfix to ask connecting SMTP clients for a client certificate.
smtpd_tls_ask_ccert = yes
It's not clear why you have done this, as this is not what you said you want. Perhaps it came from an erroneous Internet tutorial?
In any case, you should be able to remove this line to cause the warning to go away.
Related videos on Youtube
David A
Updated on September 18, 2022Comments
-
David A almost 2 years
I have postfix SMTP relay which have been configured with TLS option. Now just realized when sending email to gmail (for example) using Microsoft outlook,found out this "Client did not present a certificate" on the recipient's mail header
Received: from MYCOMPUTER (unknown [100.200.100.150]) (using TLSv1.2 with cipher (256/256 bits)) (Client did not present a certificate) by smtpserver.domain.com (Postfix) with ESMTPSA id ABCDE12345 for [email protected]
I am using purchased wildcard SSL cert from Comodo.
May I know why? Did I configure wrongly?
Please helpsmtpd_tls_security_level = may
smtp_tls_security_level = may
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/certs/key.key
smtpd_tls_cert_file = /etc/postfix/certs/crt.crt
smtpd_tls_CAfile = /etc/postfix/certs/cabundle.ca-bundle
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_ask_ccert = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scachesmtp inet n - n - - smtpd submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes
-
David A about 6 yearsHi Michael. it showed "No client certificate requested" on recipient's header without " smtpd_tls_ask_ccert = yes".
-
David A about 6 yearsHi HBrujin, can i don't want "Client did not present a certificate"? Any config to add in to main.cf ? Thank you.
-
David A about 6 years
smtp_tls_key_file = $smtpd_tls_key_file <br> smtp_tls_cert_file = $smtpd_tls_cert_file smtp_tls_CAfile = $smtpd_tls_CAfile