Re: [exim] TLS "certificate expired" warnings on inbound connections

2022-05-31 Thread Bill Cole via Exim-users
On 2022-05-31 at 14:33:19 UTC-0400 (Tue, 31 May 2022 20:33:19 +0200) Tim Jackson via Exim-users is rumored to have said: I have some legitimate-looking hosts from a major bank producing log lines like this when attempting incoming connections to a public MX: TLS error on connection from

Re: [exim] TLS "certificate expired" warnings on inbound connections

2022-05-31 Thread Viktor Dukhovni via Exim-users
On Tue, May 31, 2022 at 09:55:22PM +0200, Tim Jackson via Exim-users wrote:
> Thanks for the clarification. So the issue is the client verification of the
> server cert, not a client cert.
Yes, unless I've grossly misread your description of the symptoms.
> > The DST Root CA is expired. You

Re: [exim] TLS "certificate expired" warnings on inbound connections

2022-05-31 Thread Tim Jackson via Exim-users
On 31/05/2022 21:14, Viktor Dukhovni via Exim-users wrote: TLS alerts report error conditions from the remote peer. If your server logs a TLS alert, that alert was generated on the remote end. So if this is a connection from a client to your server, then the "certificate expired" condition is

Re: [exim] TLS "certificate expired" warnings on inbound connections

2022-05-31 Thread Viktor Dukhovni via Exim-users
On Tue, May 31, 2022 at 09:20:25PM +0200, Tim Jackson via Exim-users wrote:
> > Is there any chance that the client tries to present you a certificate,
> > even if you do not request it?
No. The TLS protocol precludes the presentation of unsolicited client certificates. If the server does not

Re: [exim] TLS "certificate expired" warnings on inbound connections

2022-05-31 Thread Tim Jackson via Exim-users
On 31/05/2022 20:53, Heiko Schlittermann via Exim-users wrote: TLS error on connection from r209.notifications.natwest.com [130.248.154.209]:44104 I=[167.235.252.255]:25 (SSL_accept): error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired Is there any chance that the

Re: [exim] TLS "certificate expired" warnings on inbound connections

2022-05-31 Thread Viktor Dukhovni via Exim-users
On Tue, May 31, 2022 at 08:33:19PM +0200, Tim Jackson via Exim-users wrote:
> [130.248.154.209]:44104 I=[167.235.252.255]:25 (SSL_accept):
> error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
TLS alerts report error conditions from the remote peer. If your server logs

Re: [exim] TLS "certificate expired" warnings on inbound connections

2022-05-31 Thread Heiko Schlittermann via Exim-users
Hi Tim,
Tim Jackson via Exim-users (Tue 31 May 2022 20:33:19 CEST):
>
> TLS error on connection from r209.notifications.natwest.com
> [130.248.154.209]:44104 I=[167.235.252.255]:25 (SSL_accept):
> error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
Is there any chance

[exim] TLS "certificate expired" warnings on inbound connections

2022-05-31 Thread Tim Jackson via Exim-users
I have some legitimate-looking hosts from a major bank producing log lines like this when attempting incoming connections to a public MX: TLS error on connection from r209.notifications.natwest.com [130.248.154.209]:44104 I=[167.235.252.255]:25 (SSL_accept): error:14094415:SSL