Re: OpenBSD 5.7-stable/OpenSMTPD 5.4.4 error: client did not present certificate
Am Mittwoch, den 25.11.2015, 18:51 +0100 schrieb Gianluca D.Muscelli: > Hi, if i use verify in /etc/smtpd.conf sometimes I reciveerrors like > this: [..] > Nov 25 16:33:05 server smtpd[12808]: smtp-in: Disconnecting session > 95548f7f974b7523: client did not present certificate > > Any suggestion to fix this problem? There ain't any fix, because this behaviour is exactly the one that you requested: >listen on egress pki mail.example.it tls-require verify smtpd.conf(5) | If tls-require verify is specified, the client must provide a valid | certificate to be able to establish an SMTP session. If you don't want this, don't use it. BTW, you have other problems as well (found out while trying to PM): $ dig gianlucamuscelli.it MX gianlucamuscelli.it.85780 IN MX \ 0 mail.gianlucamuscelli.it. $ dig mail.gianlucamuscelli.it A mail.gianlucamuscelli.it has address 192.168.1.30 $ dig mail.gianlucamuscelli.it ;; connection timed out; no servers could be reached $ dig gianlucamuscelli.it NS gianlucamuscelli.it.85923 IN NS ns1.gianluc amuscelli.it. gianlucamuscelli.it.85923 IN NS ns2.gianluc amuscelli.it. $ dig ns1.gianlucamuscelli.it A ns1.gianlucamuscelli.it. 85923 IN A 192.168.1.30 $ dig ns2.gianlucamuscelli.it ;; connection timed out; no servers could be reached $ dig ns2.gianlucamuscelli.it A ns2.gianlucamuscelli.it. 85923 IN A 192.168.1.30 $ dig ns2.gianlucamuscelli.it ;; connection timed out; no servers could be reached
OpenBSD 5.7-stable/OpenSMTPD 5.4.4 error: client did not present certificate
Hi, if i use verify in /etc/smtpd.conf sometimes I reciveerrors like this: Nov 25 16:33:04 server smtpd[12808]: smtp-in: New session 95548f7f974b7523 from host example.com [x.x.x.x] Nov 25 16:33:05 server smtpd[12808]: smtp-in: Started TLS on session 95548f7f974b7523: version=TLSv1/SSLv3, +cipher=DHE-RSA-AES128-GCM-SHA256, bits=128 Nov 25 16:33:05 server smtpd[12808]: smtp-in: Disconnecting session 95548f7f974b7523: client did not present certificate Any suggestion to fix this problem? Thank you! OpenBSD 5.7-stable OpenSMTPD 5.4.4 $ cat /etc/mail/smtpd.conf queue compression queue encryption key 5fd06dd95d86ebb57144e516b42799cf table aliases db:/etc/mail/aliases.db table domains file:/etc/mail/domains table users file:/etc/mail/users table blacklist-recipients file:/etc/mail/blacklist-recipients pki mail.example.it key "/etc/ssl/private/mail.example.it.key" pki mail.example.it certificate "/etc/ssl/mail.example.it.crt" max-message-size 50M listen on egress pki mail.example.it smtps auth hostname example.it listen on egress pki mail.example.it tls-require verify hostname example.it mask-source accept from any \ recipient ! \ for domain \ virtual \ deliver to maildir "/var/mail/%{user.username}/Inbox" accept \ recipient ! \ for local alias \ deliver to maildir "/var/mail/%{user.username}/Inbox" listen on lo0 hostname example.it listen on lo0 port 10028 tag DKIM hostname example.it accept tagged DKIM \ for any \ relay \ hostname example.it accept from local \ for any \ relay via smtp://127.0.0.1:10027 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]