W B Hacker wrote:
Disregard last - Brain Fart - tested his posting address.
Here is a run at [email protected]
No cert complaint not even one mentioned, but blocked for lack of smtp auth.
Bit unusual to require that of 'postmaster@', but I'll presume a bespoke
relay-only box, or simply still under construction?
====
2011-05-27 08:50:36 [10781] 1QPskZ-0004aY-Rn **
[email protected] F=<[email protected]> P=<[email protected]>
R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT
TO:<[email protected]>: host smtp.arm.beep.pl [193.239.44.82]:
550 SMTP AUTH is required here / Autoryzacja SMTP jest wymagana
2011-05-27 08:50:36 [5340] 1QPske-0001O8-UY <= <> R=1QPskZ-0004aY-Rn
U=_exim P=local S=4277 T="Mail delivery failed: returning message to
sender" from <> for [email protected]
====
Arkadiusz Miskiewicz wrote:
On Monday 23 of May 2011, Heiko Schlittermann wrote:
Arkadiusz Miskiewicz<[email protected]> (Mon May 23 10:52:11 2011):
I've replaced rapidssl cert recently with new one. rapidssl started to
use intermediate certificate. Unfortunately I'm getting in smtp server
logs (exim 4.76):
(SSL_accept): error:14094412:SSL routines:SSL3_READ_BYTES:sslv3
alert bad
certificate
2011-05-23 10:42:57 TLS client disconnected cleanly (rejected our
certificate?)
tls_certificate points to a file which contains 3 certificates:
- cert for my domain issued by: Issuer: C=US, O=GeoTrust, Inc.,
CN=RapidSSL CA
- intermediate cert:
Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Subject: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
- third cert:
Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
in exactly that order.
tls_privatekey points to a file with private key.
The question is why "alert bad certificate" comes up if everything
looks
fine, all intermediate certs are provided etc?
May be you can tell us how to connect the server you're talking
about, some
of the problems can be detected from outside.
It's smtp-arm.beep.pl
Arkadiusz,
Just sent this post back with an extra line or so.
Worked OK to *port 25* from Hong Kong, Exim 4.73 on OpenBSD 4.9 with log
entry of:
2011-05-27 08:38:19 [16457] 1QPsYZ-0007YO-O5 => [email protected]
F=<[email protected]> P=<[email protected]> R=dnslookup T=remote_smtp
S=2172 H=mx01.agnat.pl [193.239.44.65]:25 X=TLSv1:DHE-RSA-AES256-SHA:256
CV=no DN="/C=PL/O=*.agnat.eu/OU=GT03137972/OU=See
www.rapidssl.com/resources/cps (c)07/OU=Domain Control Validated -
RapidSSL(R)/CN=*.agnat.eu" C="250 OK id=1QPsYi-00087O-4A" QT=12s DT=10s
Is the problem unique to your Exim - to what you are using to test the
connection with - or to a different submssion port, and if the last -
can you use simply the same cert that seems to work OK on port 25?
HTH,
Bill Hacker
--
韓家標
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
