Wait... I get it now.  I did some more reading.  The Dell server is
trying to send the message to my server encrypted, it gets to my
server, my server has a self-signed certificate and because of this,
the transaction fails.  According to what I'm reading here
(http://www.ietf.org/rfc/rfc2487.txt and
http://www.sendmail.org/~ca/email/starttls.html), if I had my
certificate signed, the two servers would have been able to negotiate
a connection, and it would probably go through.

So I am not misconfigured, I'm just not set up to receive this sort of
communication...




Quoting Chris Ditri <groove...@brokensolstice.com>:

Thanks for the reply!

So this sounds like MY server talking to dell's server, attempting to
use TLS in the transfer, and the certificate fails.  The message still
gets sent (though I imagine unencrypted, which is fine) -- correct?

There was no error output, that was the closest thing to an error... I
still have not received the quote from Dell, so it seems reasonable to
conclude the problem is on their end -- correct?  My Server is
functioning normally?

I appreciate the help.



Quoting Jason George <li...@masterplan.org>:

Hi everyone.

I have been using sendmail on my OpenBSD server for some time now.  I
am using smtp-vilter with clamwin and SpamAssassin.  I am using TLS
with a self-signed certificate.

I haven't had an issue for 2 years... then suddenly I get this:
sm-mta[23903]: STARTTLS=client, relay=smtp.ins.dell.com.,
version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA,
bits=256/256
Jan 28 17:58:29 mx1 imapd[21971]:

I am getting this when our Dell rep is trying to send me a quote.  I
receive all of his other email just fine -- but when he sends a quote
I get the error above.

I do not understand why TLS even comes into play here, because he is
not relaying off of my server (at least, he shouldn't be).  Is this a
misconfiguration on their end -- or mine?  I've been good for 2 years,
so I can't believe it is something I did or did not do...

Can someone help?

Thanks.

There is nothing wrong with your configuration.  That particular Dell mail
server is talking to your mail server in that particular way (TLS/SSL) with
a self-signed certificate.  It simply means that the conversation is
encrypted but that the verification of the communication partner cannot be
validated with a certificate authority.  You are mis-reading the log message.

http://www.sendmail.org/~ca/email/starttls.html

Here is an outbound email from one of my servers...

Jan 28 08:46:47 chromatic sm-mta[18018]: STARTTLS=client,
relay=meleagros.siemens.com., version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-AES256-SHA, bits=256/256

And one inbound...

Jan 28 09:36:21 chromatic sm-mta[18298]: STARTTLS=server,
relay=tdwems06x08.thindata.net [64.34.54.224], version=TLSv1/SSLv3,
verify=NO, cipher=DHE-DSS-AES256-SHA, bits=256/256

The relay is simply the partner in the transaction.




--
Reduce spam!  Please send emails directly to an email address only from your
trusted email service -- Please do not enter a friend's email address on any
web site (such as tagged, any "e-card", or anything similar to "mail to a
friend").  Respectable sites will not ask you for your friend's and family's
email addresses.



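Added example, not part of the thread or of sendmail itself: a small Python parser for the STARTTLS= log lines quoted above. It reports which side opened the connection, whether a cipher was negotiated, and what the verify= value means. The verify meanings follow the ${verify} macro description in the Sendmail Installation and Operation Guide; the function and field names are assumptions made for this example.

```python
import re

# Values of sendmail's ${verify} macro (Sendmail Installation and Operation
# Guide). The first four appear on sessions where TLS was negotiated; the
# rest mean that no TLS session was established.
VERIFY = {
    "OK": "peer certificate verified",
    "NO": "peer presented no certificate",
    "NOT": "no certificate was requested from the peer",
    "FAIL": "peer certificate presented but could not be verified",
    "NONE": "STARTTLS was not performed",
    "TEMP": "temporary error during STARTTLS",
    "PROTOCOL": "SMTP protocol error during STARTTLS",
    "SOFTWARE": "TLS handshake failed",
}

LINE = re.compile(r"sm-mta\[\d+\]: STARTTLS=(client|server), (.+)")

def parse_starttls(line):
    """Return the fields of a STARTTLS= log line as a dict, or None."""
    m = LINE.search(" ".join(line.split()))  # undo mail-client line wrapping
    if not m:
        return None
    rec = {"role": m.group(1)}
    for field in m.group(2).split(", "):
        key, _, value = field.partition("=")
        rec[key] = value
    # role=client: this host connected out; role=server: the relay connected in
    rec["direction"] = "outbound" if rec["role"] == "client" else "inbound"
    cipher_bits = rec.get("bits", "0/0").split("/")[0]
    rec["encrypted"] = cipher_bits.isdigit() and int(cipher_bits) > 0
    rec["verify_meaning"] = VERIFY.get(rec.get("verify"), "unknown value")
    return rec

# The two log entries quoted in the thread, rejoined onto single lines.
SAMPLES = [
    "Jan 28 08:46:47 chromatic sm-mta[18018]: STARTTLS=client, "
    "relay=meleagros.siemens.com., version=TLSv1/SSLv3, verify=FAIL, "
    "cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Jan 28 09:36:21 chromatic sm-mta[18298]: STARTTLS=server, "
    "relay=tdwems06x08.thindata.net [64.34.54.224], version=TLSv1/SSLv3, "
    "verify=NO, cipher=DHE-DSS-AES256-SHA, bits=256/256",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = parse_starttls(s)
        print(f"{r['direction']:8} {r['relay']:42} encrypted={r['encrypted']} "
              f"verify={r['verify']} ({r['verify_meaning']})")
```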