On 10.04.2010 11:08, Mick wrote:
> Apr  9 21:45:47 my_box sendmail[4013]: STARTTLS=client, relay=smtp.comcast.net, version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
> 
> Any idea why this is happening?

Nothing to worry about.  It just means you do not trust the certificate
issuer for smtp.comcast.net.  For smtp delivery, this is perfectly fine.
See below:

$ openssl s_client -connect smtp.comcast.net:25 -starttls smtp
[...]
SSL-Session:
[...]
    Verify return code: 20 (unable to get local issuer certificate)

versus when I tell it to trust some CAs (including verisign) on the
local machine:

$ openssl s_client -connect smtp.comcast.net:25 -starttls smtp -CApath /etc/ssl/certs/
[...]
SSL-Session:
[...]
    Verify return code: 0 (ok)

-- 
Eray
