Lindsay Haisley writes:
On Sat, 2008-12-06 at 18:29 -0500, Sam Varshavchik wrote:Lindsay Haisley writes:> It appears that installing the "missing" cert file changed the game > here. Instead of "No such file or directory" I'm now getting the > following:> > Dec 6 16:42:00 shakti courieresmtp: id=0000000000001185.00000000493AFF92.00004B31,from=<[EMAIL PROTECTED]>,addr=<....>: Operation now in progress> Dec 6 16:42:00 shakti courieresmtp: id=0000000000001185.00000000493AFF92.00004B31,from=<[EMAIL PROTECTED]>,addr=<....>,status: deferred> > This doesn't make a whole lot of sense. As before, if I turn off> ESMTP_USE_STARTTLS and run the queue on this message I get:> > Dec 6 16:46:48 shakti courieresmtp: id=0000000000001185.00000000493AFF92.00004B31,from=<[EMAIL PROTECTED]>,addr=<....>,size=226,success: delivered: tchemail.texaschildrens.org [207.231.32.243]> Dec 6 16:46:48 shakti courieresmtp: id=0000000000001185.00000000493AFF92.00004B31,from=<[EMAIL PROTECTED]>,addr=<....>,size=226,status: success> > Gaaaa!What version of Courier are you on?0.60.0 on both servers here. That's the latest version available in Gentoo Linux, stable or unstable.I have no problems making a test connection to this host using couriertls. The host does appear to be using a self-signed cert. addcr | TLS_VERIFYPEER=NONE couriertls -host=tchemail.texaschildrens.org -port=25 -protocol=smtp -printx509=2I get the cert data back here, too.
The header from your message to this mailing list indicates that your Courier server has no problems using TLS to talk to Sourceforge's mail server:
Received: from shakti.fmp.com ([216.110.12.105]) by 72vjzd1.ch3.sourceforge.com
with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) id 1L96sL-0004GT-Ja
for [email protected]; Sat, 06 Dec 2008 23:47:54
+0000
So, you seem to be able to send using TLS just fine, at least to
Sourceforge. If you're having a problem with a different box, compare its
configuration to this one's, to see what's different.
If this is the same box that's having problem, it must be having a problem with certain servers only. Someone else earlier this week reported that MS Exchange has a broken implementation of DES_CBC3-SHA, and I notice that tchemail.texaschildrens.org is running Exchange.
If you can isolate this to Exchange only, set the following in courierd, which may fix this:
TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!DES-CBC3-SHA:[EMAIL PROTECTED]"
pgpdtq7j2bsSI.pgp
Description: PGP signature
------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
