>Сертификат нормально сделан? Не стоит ли аутетнификация клиента по сертификатам, а сертификат
>клиента не соответствует FQDN? Сертификаты генерил и подсовывал разные, т.е. по разным описаням деланые. Думаю не в нем дело, вот интересный момент /var/log/maillog ->
postfix/smtpd[7006]: initializing the server-side TLS engine
postfix/smtpd[7006]: connect from localhost[127.0.0.1]
postfix/smtpd[7006]: setting up TLS connection from localhost[127.0.0.1]
postfix/smtpd[7006]: SSL_accept:before/accept initialization
postfix/smtpd[7006]: read from 080DD800 [080FE000] (11 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[7006]: SSL_accept:error in SSLv2/v3 read client hello A
postfix/smtpd[7006]: read from 080DD800 [080FE000] (11 bytes => 11 (0xB))
postfix/smtpd[7006]: 0000 80 7c 01 03 01 00 63 00|00 00 10 .|....c. ...
postfix/smtpd[7006]: read from 080DD800 [080FE00B] (115 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[7006]: SSL_accept:error in SSLv2/v3 read client hello B
postfix/smtpd[7006]: read from 080DD800 [080FE00B] (115 bytes => 115 (0x73))
postfix/smtpd[7006]: 0000 00 00 39 00 00 38 00 00|35 00 00 16 00 00 13 00 ..9..8.. 5.......
postfix/smtpd[7006]: 0010 00 0a 07 00 c0 00 00 33|00 00 32 00 00 2f 03 00 .......3 ..2../..
------- опускаем абракадабру
postfix/smtpd[7006]: 0060 02 00 80 e9 b3 79 0e 6c|fe 90 30 fb 34 43 d2 91 .....y.l ..0.4C..
postfix/smtpd[7006]: 0070 f1 23 96 .#.
postfix/smtpd[7006]: SSL_accept:SSLv3 read client hello A
postfix/smtpd[7006]: SSL_accept:SSLv3 write server hello A
postfix/smtpd[7006]: SSL_accept:SSLv3 write certificate A
postfix/smtpd[7006]: SSL_accept:SSLv3 write key exchange A
postfix/smtpd[7006]: SSL_accept:SSLv3 write server done A
postfix/smtpd[7006]: write to 080DD800 [0810D000] (1188 bytes => 1188 (0x4A4))
postfix/smtpd[7006]: 0000 16 03 01 00 4a 02 00 00|46 03 01 44 61 d4 94 e9 ....J... F..Da...
postfix/smtpd[7006]: 0010 b3 04 a0 25 24 53 72 94|13 cf 81 97 4d f3 fe ac ...%$Sr. ....M...
------- опускаем абракадабру
postfix/smtpd[7006]: 0490 32 b7 b1 4b cf 13 51 89|a7 2a 8e 16 03 01 00 04 2..K..Q. .*......
postfix/smtpd[7006]: 04a0 0e .
postfix/smtpd[7006]: 04a1 - <SPACES/NULLS>
postfix/smtpd[7006]: SSL_accept:SSLv3 flush data
postfix/smtpd[7006]: read from 080DD800 [080FE000] (5 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[7006]: SSL_accept:error in SSLv3 read client certificate A
postfix/smtpd[7006]: SSL_accept:error in SSLv3 read client certificate A
postfix/smtpd[7006]: read from 080DD800 [080FE000] (5 bytes => 5 (0x5))
postfix/smtpd[7006]: 0000 16 03 01 00 86 .....
postfix/smtpd[7006]: read from 080DD800 [080FE005] (134 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[7006]: SSL_accept:error in SSLv3 read client certificate A
postfix/smtpd[7006]: read from 080DD800 [080FE005] (134 bytes => 134 (0x86))
postfix/smtpd[7006]: 0000 10 00 00 82 00 80 49 bf|64 73 db d4 3d b7 f7 08 ......I. ds..=...
postfix/smtpd[7006]: 0010 93 06 d2 1b 62 1d 39 1c|b5 b2 ec 34 1e 4b f1 e6 ....b.9. ...4.K..
postfix/smtpd[7006]: 0020 9a 03 bb 24 a8 20 b0 56|ee 2f 9e 77 21 e5 b2 d4 ...$. .V ./.w!...
postfix/smtpd[7006]: 0030 70 ab 7e e7 6d 17 e4 c2|b8 9e a7 6c bb 8f 92 52 p.~.m... ...l...R
postfix/smtpd[7006]: 0040 1f 59 b0 f5 57 77 4f cb|1d 34 5b 0f 8a a7 6f f4 .Y..WwO. .4[...o.
postfix/smtpd[7006]: 0050 8e 8a 54 7d 7e 95 28 fb|0f 78 0c df 29 41 6b ce ..T}~.(. .x..)Ak.
postfix/smtpd[7006]: 0060 eb 47 c3 b8 5e be 0d 59|a5 e2 66 7b 61 e3 dd a3 .G..^..Y ..f{a...
postfix/smtpd[7006]: 0070 23 9c 13 98 97 a6 7a b2|54 b6 a0 1e 06 0b 91 bb #.....z. T.......
postfix/smtpd[7006]: 0080 f6 00 cc 60 20 23 ...` #
postfix/smtpd[7006]: SSL_accept:SSLv3 read client key exchange A
postfix/smtpd[7006]: read from 080DD800 [080FE000] (5 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[7006]: SSL_accept:error in SSLv3 read certificate verify A
postfix/smtpd[7006]: read from 080DD800 [080FE000] (5 bytes => 5 (0x5))
postfix/smtpd[7006]: 0000 14 03 01 00 01 .....
postfix/smtpd[7006]: read from 080DD800 [080FE005] (1 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[7006]: SSL_accept:error in SSLv3 read certificate verify A
postfix/smtpd[7006]: read from 080DD800 [080FE005] (1 bytes => 1 (0x1))
postfix/smtpd[7006]: 0000 01 .
postfix/smtpd[7006]: read from 080DD800 [080FE000] (5 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[7006]: SSL_accept:error in SSLv3 read certificate verify A
postfix/smtpd[7006]: read from 080DD800 [080FE000] (5 bytes => 5 (0x5))
postfix/smtpd[7006]: 0000 16 03 01 00 30 ....0
postfix/smtpd[7006]: read from 080DD800 [080FE005] (48 bytes => -1 (0xFFFFFFFF))
postfix/smtpd[7006]: SSL_accept:error in SSLv3 read certificate verify A
postfix/smtpd[7006]: read from 080DD800 [080FE005] (48 bytes => 48 (0x30))
postfix/smtpd[7006]: 0000 60 9b fe 4b 67 2b 38 da|cc 72 e6 d7 4a e6 0b 67 `..Kg+8. .r..J..g
postfix/smtpd[7006]: 0010 f2 57 0c 83 a9 7a bd a6|69 de 5b 09 08 89 bf e2 .W...z.. i.[.....
postfix/smtpd[7006]: 0020 a1 b4 1c 91 52 4d b1 de|0d da 6b ea 78 c2 e7 6e ....RM.. ..k.x..n
postfix/smtpd[7006]: SSL_accept:SSLv3 read finished A
postfix/smtpd[7006]: SSL_accept:SSLv3 write change cipher spec A
postfix/smtpd[7006]: SSL_accept:SSLv3 write finished A
postfix/smtpd[7006]: write to 080DD800 [0810D000] (59 bytes => 59 (0x3B))
postfix/smtpd[7006]: 0000 14 03 01 00 01 01 16 03|01 00 30 4e b4 4b c0 cf ........ ..0N.K..
postfix/smtpd[7006]: 0010 a9 79 3c cd e4 0c cf 8d|5f 7c b4 22 a8 9e 1c 38 .y<..... _|."...8
postfix/smtpd[7006]: 0020 57 01 74 fc 58 89 a4 f2|db d9 aa 78 70 68 8e bd W.t.X... ...xph..
postfix/smtpd[7006]: 0030 ae 3a 42 da d5 fb d3 ec|4e 75 79 .:B..... Nuy
postfix/smtpd[7006]: SSL_accept:SSLv3 flush data
postfix/smtpd[7006]: TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
sendmail[6995]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
postfix/smtpd[7006]: E6D8E16481C: client=localhost[127.0.0.1]
postfix/cleanup[7009]: E6D8E16481C: message-id=<200605101155.k4ABt0sR006995@x.domain.xx>
sendmail[6995]: k4ABt0sR006995: to=operator, ctladdr=operator (2/5), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30289, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as E6D8E16481C)
postfix/qmgr[760]: E6D8E16481C: from=<operator@x.domain.xx>, size=883, nrcpt=1 (queue active)
postfix/smtpd[7006]: disconnect from localhost[127.0.0.1]
postfix/local[7010]: E6D8E16481C: to=<root@domain.xx>, orig_to=<operator@x.domain.xx>, relay=local, delay=1, status=sent (delivered to maildir)