On Wed, Jul 08, 2009 at 04:25:43PM +0100, New Old Stk wrote:
> Noel, connecting to server remotely didn't work. I wonder what's the reason
> as no ports seem to be blocked.
>
>
> g2$ openssl s_client -starttls smtp -crlf -connect one.mailexpeditor.com:25
> CONNECTED(00000003)
> 157:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:601:
This server supports "starttls" (sorry have not released smtp-finger yet...)
smtp-finger: Connected to one.mailexpeditor.com[92.60.109.90]:25
smtp-finger: < 220 one.mailexpeditor.com ESMTP Postfix
smtp-finger: > EHLO hqmtaext01.ms.com
smtp-finger: < 250-one.mailexpeditor.com
smtp-finger: < 250-PIPELINING
smtp-finger: < 250-SIZE 10240000
smtp-finger: < 250-VRFY
smtp-finger: < 250-ETRN
smtp-finger: < 250-STARTTLS
smtp-finger: < 250-ENHANCEDSTATUSCODES
smtp-finger: < 250-8BITMIME
smtp-finger: < 250 DSN
smtp-finger: > STARTTLS
smtp-finger: < 220 2.0.0 Ready to start TLS
smtp-finger: Untrusted TLS connection established to
one.mailexpeditor.com[92.60.109.90]:25: TLSv1 with cipher ADH-AES256-SHA
(256/256 bits)
smtp-finger: Server is anonymous
Also works with s_client:
$ openssl s_client -starttls smtp -connect one.mailexpeditor.com:25
CONNECTED(00000003)
depth=1 /C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=GB/ST=Buckinghamshire/L=Milton Keynes/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
i:/C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
1 s:/C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
i:/C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=GB/ST=Buckinghamshire/L=Milton Keynes/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
issuer=/C=GB/ST=Buckinghamshire/O=Mail
Expeditor/CN=one.mailexpeditor.com/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 2505 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
...
Verify return code: 19 (self signed certificate in certificate chain)
---
250 DSN
quit
221 2.0.0 Bye
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[email protected]?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
