On our outgoing mail server, we've recently upgraded to Debian Squeeze (stable), and we're having some odd issues with TLS authentication. I suspect it may be an issue with OpenSSL, or maybe my tinkering with TLS after the fact to try to get things working again. However, I've gone over Exim's configuration with a fine-toothed comb and gone through the original configuration checklist for authentication through TLS, and some clients are still having problems.
The specific problem we're having is that Gnome Evolution, Mozilla Thunderbird, and Eudora refuse to authenticate with TLS. Outlook and Outlook Express appear to not have a problem, and that represents the bulk of the clients connecting to the server, but the other clients use SSL properly. Thunderbird for example, produces the error message "An error occurred during a connection to <hostname>:25. Peer's public key is invalid. (Error code: sec_error_bad_key)" when I try connecting with STARTTLS and Encrypted passwords. For the life of me, I can find no reference to the use of public keys in the Exim configuration, and OpenSSL doesn't use them anymore, instead including the public key as part of the private key, and using an intermediate CA certificate. Other tests I've done: I can use swaks to successfully authenticate: $ swaks -s smtp.lightspeed.ca -p 25 --ehlo office.lightspeed.ca -au <myuser> -ap <mypass> -t <myaddress> -f <myaddress> === Trying smtp.lightspeed.ca:25... === Connected to smtp.lightspeed.ca. <- 220 ns2.lightspeed.ca ESMTP Exim 4.72 Thu, 31 Mar 2011 08:52:20 -0700 -> EHLO office.lightspeed.ca <- 250-ns2.lightspeed.ca Hello office.lightspeed.ca [65.110.29.154] <- 250-SIZE 52428800 <- 250-PIPELINING <- 250-AUTH PLAIN LOGIN <- 250-STARTTLS <- 250 HELP -> AUTH LOGIN <- 334 <encrypted> -> <encrypted> <- 334 <encrypted> -> <encrypted> <- 235 Authentication succeeded -> MAIL FROM:<myaddress> <- 250 OK -> RCPT TO:<myaddress> <- 250 Accepted -> DATA <- 354 Enter message, ending with "." on a line by itself -> Date: Thu, 31 Mar 2011 08:52:15 -0699 -> To: <myaddress> -> From: <myaddress> -> Subject: test Thu, 31 Mar 2011 08:52:15 -0699 -> X-Mailer: swaks v20100211.0 jetmore.org/john/code/swaks/ -> -> This is a test mailing -> -> . <- 250 OK id=1Q5KAW-0005Ep-TX -> QUIT <- 221 ns2.lightspeed.ca closing connection === Connection closed with remote host. As you can see here, the Exim server is offering STARTTLS and the PLAIN and LOGIN authentication methods. And the authentication works. If I try the OpenSSL method, the connection fails: $ openssl s_client -starttls smtp -crlf -connect smtp.lightspeed.ca:25 CONNECTED(00000003) depth=0 /serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R)/CN=ns2.lightspeed.ca verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R)/CN=ns2.lightspeed.ca verify error:num=27:certificate not trusted verify return:1 depth=0 /serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R)/CN=ns2.lightspeed.ca verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R)/CN=ns2.lightspeed.ca i:/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA --- Server certificate -----BEGIN CERTIFICATE----- <certificate> -----END CERTIFICATE----- subject=/serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R)/CN=ns2.lightspeed.ca issuer=/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA --- Acceptable client certificate CA names /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/L=Brasilia/ST=DF/CN=Autoridade Certificadora Raiz Brasileira /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected] /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected] /C=DE/ST=Hessen/L=Fulda/O=Debconf/CN=Debconf CA/[email protected] /C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/[email protected] /C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/[email protected] /C=US/ST=DC/L=Washington/O=ABA.ECOM, INC./CN=ABA.ECOM Root CA/[email protected] /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root /C=US/O=America Online Inc./CN=America Online Root Certification Authority 1 /C=US/O=America Online Inc./CN=America Online Root Certification Authority 2 /C=US/O=AOL Time Warner Inc./OU=America Online Inc./CN=AOL Time Warner Root Certification Authority 1 /C=US/O=AOL Time Warner Inc./OU=America Online Inc./CN=AOL Time Warner Root Certification Authority 2 /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root /O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA-Baltimore Implementation /C=WW/O=beTRUSTed/CN=beTRUSTed Root CAs/CN=beTRUSTed Root CA /O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - Entrust Implementation /O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - RSA Implementation /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root /C=FR/O=Certplus/CN=Class 2 Primary CA /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA /C=US/O=Digital Signature Trust Co./OU=DSTCA E1 /C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust Co./OU=DSTCA X1/CN=DST RootCA X1/[email protected] /C=US/O=Digital Signature Trust Co./OU=DSTCA E2 /C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust Co./OU=DSTCA X2/CN=DST RootCA X2/[email protected] /C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6 /O=Digital Signature Trust Co./CN=DST Root CA X3 /O=Entrust.net/OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Client Certification Authority /O=Entrust.net/OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) /C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client Certification Authority /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority /C=US/O=Equifax/OU=Equifax Secure Certificate Authority /C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1 /C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2 /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 /C=ES/L=C/ Muntaner 244 Barcelona/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068/[email protected] /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA /C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2 /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root /C=US/O=GTE Corporation/CN=GTE CyberTrust Root /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./[email protected] C.I.F. B-60929452/OU=IPS CA Chained CAs Certification Authority/CN=IPS CA Chained CAs Certification Authority/[email protected] /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./[email protected] C.I.F. B-60929452/OU=IPS CA CLASE1 Certification Authority/CN=IPS CA CLASE1 Certification Authority/[email protected] /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./[email protected] C.I.F. B-60929452/OU=IPS CA CLASE3 Certification Authority/CN=IPS CA CLASE3 Certification Authority/[email protected] /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./[email protected] C.I.F. B-60929452/OU=IPS CA CLASEA1 Certification Authority/CN=IPS CA CLASEA1 Certification Authority/[email protected] /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./[email protected] C.I.F. B-60929452/OU=IPS CA CLASEA3 Certification Authority/CN=IPS CA CLASEA3 Certification Authority/[email protected] /C=ES/ST=BARCELONA/L=BARCELONA/O=IPS Seguridad CA/OU=Certificaciones/CN=IPS SERVIDORES/[email protected] /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./[email protected] C.I.F. B-60929452/OU=IPS CA Timestamping Certification Authority/CN=IPS CA Timestamping Certification Authority/[email protected] /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Uzleti (Class B) Tanusitvanykiado /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Expressz (Class C) Tanusitvanykiado /C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado/[email protected] /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 /C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3 Policy Validation Authority/CN=http://www.valicert.com//[email protected] /O=RSA Security Inc/OU=RSA Security 1024 V3 /O=RSA Security Inc/OU=RSA Security 2048 V3 /C=US/O=SecureTrust Corporation/CN=Secure Global CA /C=US/O=SecureTrust Corporation/CN=SecureTrust CA /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1 /C=FI/O=Sonera/CN=Sonera Class1 CA /C=FI/O=Sonera/CN=Sonera Class2 CA /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority /C=IL/ST=Israel/L=Eilat/O=StartCom Ltd./OU=CA Authority Dep./CN=Free SSL Certification Authority/[email protected] /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1 /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2 /C=CH/O=SwissSign AG/CN=SwissSign Platinum CA - G2 /C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2 /C=TW/O=Government Root Certification Authority /C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 2 CA/[email protected] /C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 3 CA/[email protected] /C=DK/O=TDC Internet/OU=TDC Internet Root CA /C=DK/O=TDC/CN=TDC OCES CA /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Basic CA/[email protected] /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Freemail CA/[email protected] /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Premium CA/[email protected] /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected] /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/[email protected] /C=ZA/ST=Western Cape/L=Durbanville/O=Thawte/OU=Thawte Certification/CN=Thawte Timestamping CA /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Network Applications /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Object /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 1 Policy Validation Authority/CN=http://www.valicert.com//[email protected] /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//[email protected] /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 1 Public Primary Certification Authority - G3 /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 2 Public Primary Certification Authority - G3 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary Certification Authority - G3 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority /O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)00/CN=VeriSign Time Stamping Authority CA /C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root /C=US/O=VISA/OU=Visa International Service Association/CN=GP Root 2 /C=US/O=Wells Fargo/OU=Wells Fargo Certification Authority/CN=Wells Fargo Root Certificate Authority /C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority /C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - CA Klasa 1 /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - CA Klasa 2 /C=PL/O=TP Internet Sp. z o.o./CN=CC Signet - CA Klasa 3/serialNumber=Numer wpisu: 4 /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - OCSP Klasa 2 /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - OCSP Klasa 3 /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - PCA Klasa 2 /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - PCA Klasa 3 /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - RootCA /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - TSA Klasa 1 /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certification Authority/[email protected] /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/[email protected] /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2 --- SSL handshake has read 22345 bytes and written 468 bytes --- New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-DSS-AES256-SHA Session-ID: 510F41918AD4A65D88A43BC6ED66651F98842EBBF7975295F6808342F9AE7067 Session-ID-ctx: Master-Key: 53D1F9E30DC867D662BC2F859B79319294F67D7EB8753237A181DBE41C84B69EF00721F63BFC8938613EB7B694D8C53F Key-Arg : None Start Time: 1301593832 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- 250 HELP quit 221 ns2.lightspeed.ca closing connection closed -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
