Hi Andrew,

In short - yes.
The smtp transport has already been given the wrong (in my opinion) host
name to verify against when it was entered.
There are no ocsp settings in my exim.conf.

Chris.

On Mon, 8 Jun 2020 at 15:27, Andrew C Aitchison <[email protected]>
wrote:

>
> On Mon, 8 Jun 2020, admin--- via Exim-dev wrote:
>
> > https://bugs.exim.org/show_bug.cgi?id=2594
> >
> >            Bug ID: 2594
> >           Summary: CNAME handling can break TLS certificate verification
>
> >         Component: TLS
> >          Assignee: [email protected]
> >          Reporter: [email protected]
> >                CC: [email protected]
>                 ...             ...             ...
> > Here is the smtp transport debug output:
> >
> > smarthost_smtp transport entered
> >  [email protected]
> > hostlist:
> >  'mail.edesix.local' IP 192.168.1.6 port -1
> > checking status of mail.edesix.local
> > locking /var/spool/exim/db/retry.lockfile
> > locked  /var/spool/exim/db/retry.lockfile
> > EXIM_DBOPEN: file </var/spool/exim/db/retry> dir </var/spool/exim/db>
> > flags=O_RDONLY
> > returned from EXIM_DBOPEN: 0x5635b371d370
> > opened hints database /var/spool/exim/db/retry: flags=O_RDONLY
> > dbfn_read: key=T:mail.edesix.local:192.168.1.6
> > dbfn_read: key=T:mail.edesix.local:192.168.1.6:1jiFk5-0006UE-9S
> > EXIM_DBCLOSE(0x5635b371d370)
> > closed hints database and lockfile
> > no message retry record
> > mail.edesix.local [192.168.1.6] retry-status = usable
> > 192.168.1.6 in serialize_hosts? no (option unset)
> > delivering 1jiFk5-0006UE-9S to mail.edesix.local [192.168.1.6]
> > ([email protected])
> > set_process_info: 25033 delivering 1jiFk5-0006UE-9S to mail.edesix.local
> > [192.168.1.6] ([email protected])
> > 192.168.1.6 in hosts_require_dane? no (option unset)
> > Connecting to mail.edesix.local [192.168.1.6]:25 ... 192.168.1.6 in
> > hosts_try_fastopen? yes (matched "*")
> > TFO mode sendto, no data: EINPROGRESS
> > connected
> > read response data: size=72
> >  SMTP<< 220 aulus.edesix.com ESMTP Exim 4.80.1 Mon, 08 Jun 2020 13:31:02 +0100
> > 192.168.1.6 in hosts_avoid_esmtp? no (option unset)
> >  SMTP>> EHLO juno.edesix.local
> > cmd buf flush 24 bytes
> > read response data: size=134
> >  SMTP<< 250-aulus.edesix.com Hello juno.edesix.local [192.168.1.10]
> >         250-SIZE 52428800
> >         250-8BITMIME
> >         250-PIPELINING
> >         250-STARTTLS
> >         250 HELP
> > 192.168.1.6 in hosts_avoid_tls? no (option unset)
> >  SMTP>> STARTTLS
> > cmd buf flush 10 bytes
> > read response data: size=18
> >  SMTP<< 220 TLS go ahead
> > 192.168.1.6 in hosts_require_ocsp? no (option unset)
> > 192.168.1.6 in hosts_request_ocsp? yes (matched "*")
>
> Is 192.168.1.6 in hosts_require_ocsp? Is this a red herring ?
>
> --
> Andrew C. Aitchison                                     Kendal, UK
>                         [email protected]
>
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##
