Hello, I found this in my logfile this morning and was wondering (at least) two things. (1.) is the ".pue.de" entry at error, since it is not specifying a fully qualified host name? (2.) is due to the (assumed) error of (1.) the delivery to the "mout.kundenserver.de" (and 212.114.86.56) not performed?
Or is the reason simply because of the IP address mismatch error below? Thanks for helping me understand. ... Aug 26 07:29:00 butterfly postfix-tlspol[194692]: INFO Evaluated policy for "pue.de": secure match=mail.pue.de:.pue.de:mout.kundenserver.de:212.114.86.56 servername=hostname (from cache, 700h38m56s remaining) ... Aug 26 07:30:01 butterfly postfix/smtp[4095399]: initializing the client-side TLS engine Aug 26 07:30:02 butterfly postfix/smtp[4095459]: firewall.pue.de[93.240.123.73]:25: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:!SEED:!IDEA:!3DES:!RC2:!RC4:!RC5:!kDH:!kECDH:!aDSS:!MD5:+RC4:@STRENGTH:!aNULL" Aug 26 07:30:02 butterfly postfix/smtp[4095459]: firewall.pue.de[93.240.123.73]:25: SNI hostname: firewall.pue.de Aug 26 07:30:02 butterfly postfix/smtp[4095459]: looking for session smtp&pue.de&firewall.pue.de&93.240.123.73&8&&2D8F853B5C9F2BBAABE2B29D1D85F0F141539CD986896D100E138494A652F90A in smtp cache Aug 26 07:30:02 butterfly postfix/smtp[4095459]: reloaded session smtp&pue.de&firewall.pue.de&93.240.123.73&8&&2D8F853B5C9F2BBAABE2B29D1D85F0F141539CD986896D100E138494A652F90A from smtp cache Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:before SSL initialization Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS write client hello Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS read server hello Aug 26 07:30:02 butterfly postfix/smtp[4095459]: firewall.pue.de[93.240.123.73]:25: depth=0 verify=0 subject=/CN=*.pue.de Aug 26 07:30:02 butterfly postfix/smtp[4095459]: firewall.pue.de[93.240.123.73]:25: depth=2 verify=1 subject=/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46 Aug 26 07:30:02 butterfly postfix/smtp[4095459]: firewall.pue.de[93.240.123.73]:25: depth=1 verify=1 subject=/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication CA DV R36 Aug 26 07:30:02 butterfly postfix/smtp[4095459]: firewall.pue.de[93.240.123.73]:25: depth=0 verify=1 subject=/CN=*.pue.de Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS read server certificate Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS read server key exchange Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS read server done Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS write client key exchange Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS write change cipher spec Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS write finished Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS read change cipher spec Aug 26 07:30:02 butterfly postfix/smtp[4095459]: SSL_connect:SSLv3/TLS read finished Aug 26 07:30:02 butterfly postfix/smtp[4095459]: save session smtp&pue.de&firewall.pue.de&93.240.123.73&8&&2D8F853B5C9F2BBAABE2B29D1D85F0F141539CD986896D100E138494A652F90A to smtp cache Aug 26 07:30:02 butterfly postfix/tlsmgr[3876636]: put smtp session id=smtp&pue.de&firewall.pue.de&93.240.123.73&8&&2D8F853B5C9F2BBAABE2B29D1D85F0F141539CD986896D100E138494A652F90A [data 1803 bytes] Aug 26 07:30:02 butterfly postfix/tlsmgr[3876636]: write smtp TLS cache entry smtp&pue.de&firewall.pue.de&93.240.123.73&8&&2D8F853B5C9F2BBAABE2B29D1D85F0F141539CD986896D100E138494A652F90A: time=1756186202 [data 1803 bytes] Aug 26 07:30:02 butterfly postfix/smtp[4095459]: server certificate verification failed for firewall.pue.de[93.240.123.73]:25: num=64:IP address mismatch Aug 26 07:30:02 butterfly postfix/smtp[4095459]: firewall.pue.de[93.240.123.73]:25: subject_CN=*.pue.de, issuer=Sectigo Public Server Authentication CA DV R36, cert fingerprint=86:BC:0F:9F:EE:0F:C9:69:0F:75:BE:41:44:E8:65:68:5B:A1:08:85:3D:39:69:F4:5F:31:99:9C:F5:01:83:48, pkey fingerprint=41:8A:22:BB:81:1B:0E:06:10:82:3F:5A:7A:F7:19:93:9D:EE:15:52:51:57:4F:52:52:F9:8B:5C:3B:35:C9:0F Aug 26 07:30:02 butterfly postfix/smtp[4095459]: Untrusted TLS connection established to firewall.pue.de[93.240.123.73]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 26 07:30:02 butterfly postfix/smtp[4095459]: TLSRPT: status=failure, domain=pue.de, receiving_mx=firewall.pue.de[93.240.123.73], failure_type=certificate_not_trusted Aug 26 07:30:02 butterfly postfix/smtp[4095459]: BCDD8F801BA: to=<redac...@pue.de>, relay=firewall.pue.de[93.240.123.73]:25, delay=69740, delays=69740/0.03/0.28/0, dsn=4.7.5, status=deferred (Server certificate not verified) Aug 26 07:30:01 butterfly postfix-tlspol[194692]: INFO Evaluated policy for "pue.de": secure match=mail.pue.de:.pue.de:mout.kundenserver.de:212.114.86.56 servername=hostname (from cache, 700h37m55s remaining) (I am not affiliated with pue.de) Thanks for knowledge spreading. Florian _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
