Re: STARTTLS / DANE difficulties?

James B. Byrne Thu, 19 Jul 2018 06:16:49 -0700


On Wed, July 11, 2018 14:13, James B. Byrne wrote:
> On Wed, July 11, 2018 11:12, Viktor Dukhovni wrote:
>> On Wed, Jul 11, 2018 at 10:13:48AM -0400, James B. Byrne wrote:
>>
>>> > The connecting client did not like one of the certificates in the
>>> > chain.  Perhaps it expected to find a working WebPKI certificate
>>> > from one of the usual suspects ("browser bundle" public root
>>> CAs).
>>> >


>
> My concern in this is to assure myself that our services are running
> correctly.  If they are and the difficulties all lie with samba.org
> then can live without the mailing list digest for now.
>

We are encountering errors with several domains similar to the one
reported by samba.org:

. . .
Jul 18 22:36:38 mx31 postgrey[85107]: action=pass, reason=triplet
found, client_name=mailroot5.namespro.ca, client_address=158.85.87.68,
sender=d...@everydayfreight.com, recipient=expo...@harte-lyne.ca
Jul 18 22:36:38 mx31 postfix-p25/smtpd[17802]: lost connection after
DATA (0 bytes) from mailroot5.namespro.ca[158.85.87.68]
Jul 18 22:36:38 mx31 postfix-p25/smtpd[17802]: disconnect from
mailroot5.namespro.ca[158.85.87.68] ehlo=2 starttls=1 mail=1 rcpt=2
data=0/1 commands=6/7
. . .

Jul 18 23:41:45 mx31 policyd-spf[81903]: prepend Received-SPF: Pass
(mailfrom) identity=mailfrom; client-ip=66.135.118.147;
helo=mail.rosedale.ca; envelope-from=jtho...@connectrans.com;
receiver=<UNKNOWN>
Jul 18 23:41:45 mx31 postfix-p25/smtpd[97338]: NOQUEUE:
client=mail.rosedale.ca[66.135.118.147]
Jul 18 23:41:45 mx31 postfix-p25/smtpd[97338]: lost connection after
DATA (0 bytes) from mail.rosedale.ca[66.135.118.147]
. . .

This is causing us problems in our operational departments.  Based on
the message traffic surrounding this issue I have changed the client
certificate request setting to 'no' to see if that improves delivery.

smtpd_tls_ask_ccert = no.

Any insightful comments on this situation are welcomed.


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

Re: STARTTLS / DANE difficulties?

Reply via email to