Package: bugs.debian.org Severity: normal Dear Maintainer,
When sending a bug, the mail gets sent to the mx bugs-master.debian.org. The exim handling port 25 on that box has a tls cert with CN=buxtehude.debian.org. AFAICT there also is no subAltName extension for bugs-master.debian.org. This prevents the use of TLS with at least some MTAs (I use postfix): :; egrep /smtp'\[' /var/log/mail.log May 7 06:23:18 localhost postfix/smtp[19450]: SSL_connect error to bugs-master.debian.org[140.211.166.26]:25: Connection reset by peer May 7 06:23:18 localhost postfix/smtp[19450]: 252371001CE: Cannot start TLS: handshake failure May 7 06:23:18 localhost postfix/smtp[19450]: Host offered STARTTLS: [bugs-master.debian.org] May 7 06:23:19 localhost postfix/smtp[19450]: 252371001CE: to=<707...@bugs.debian.org>, relay=bugs-master.debian.org[140.211.166.26]:25, delay=454, delays=453/0.04/0.95/0.45, dsn=2.0.0, status=sent (250 OK id=1UZbJQ-00005W-5M) As you can see, the mail got sent, but without tls. If you want the MX for bugs.d.o to be bugs-master.d.o, then that SHOULD be the mailname of the box bugs-master.d.o A resolves to and the TLS cert SHOULD have that name either in CN or subAltName. Or, the actual mailname and CN should be specified in the MX RR. Try running: :; gnutls-cli -p 25 --starttls bugs-master.debian.org to see why the tls handshake failed above. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org